Edit tour

Windows Analysis Report
SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe
Analysis ID:	1476246
MD5:	3cb0739401d24b6bc0c65e337e15c104
SHA1:	aefca0e1d01e9ffecd8cc2a0c9dc495d6f5fe9d8
SHA256:	48053935a1b62d13f2a1301d42a3be930bb4718e8476c32b5050512209fdb3bb
Tags:	exe
Infos:

Detection

PrivateLoader

Score:	46
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	51
Range:	0 - 100

Signatures

Multi AV Scanner detection for submitted file

Yara detected PrivateLoader

Contains functionality to infect the boot sector

Found suspicious ZIP file

NDIS Filter Driver detected (likely used to intercept and sniff network traffic)

Potentially malicious time measurement code found

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes a notice file (html or txt) to demand a ransom

Writes many files with high entropy

Yara detected QueryWinSAT ClassID

AV process strings found (often used to terminate AV products)

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to communicate with device drivers

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to launch a process as a different user

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

query blbeacon for getting browser version

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe (PID: 6688 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe" MD5: 3CB0739401D24B6BC0C65E337E15C104)

SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp (PID: 6740 cmdline: "C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp" /SL5="$10418,1635575,878080,C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe" MD5: DD40149397C65DB7E46877143552AAC5)

BitComet_2.08a_setup.exe (PID: 4180 cmdline: "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe" /S MD5: 4F45F9BD3CC4739BDC91A4D183C0DC01)

BitCometService.exe (PID: 5824 cmdline: "C:\Program Files\BitComet\tools\BitCometService.exe" /reg MD5: AE7FBFF183FF30913EBEB38913E8CFAD)

BitComet_stats.exe (PID: 2228 cmdline: "C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe" https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64 MD5: EDB96675541D0275C42096B64D794D3B)

saBSI.exe (PID: 6316 cmdline: "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)

installer.exe (PID: 8024 cmdline: "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: E1DD69840A8965E125AA7F311B6D8EFB)

avg_antivirus_free_setup.exe (PID: 6576 cmdline: "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI MD5: 26816AF65F2A3F1C61FB44C682510C97)

avg_antivirus_free_online_setup.exe (PID: 824 cmdline: "C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5 /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3 MD5: 89799311702BD341AA9B7DAEE903B5C2)

icarus.exe (PID: 7884 cmdline: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\icarus-info.xml /install /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3 /track-guid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5 MD5: 251369428A0E2D87308E7A9FAA387270)

BitComet.exe (PID: 6072 cmdline: "C:\Program Files\BitComet\BitComet.exe" --no_elevated MD5: BFDFE1495ADA381F3D57C6E6DF04E189)

WerFault.exe (PID: 1696 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7796 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 5688 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

BitComet.exe (PID: 6032 cmdline: "C:\Program Files\BitComet\BitComet.exe" MD5: BFDFE1495ADA381F3D57C6E6DF04E189)

UPNP.exe (PID: 5212 cmdline: "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 9652 -udpport 9652 -q MD5: FEBBAF0C03103A63E0141A96535B7745)

msedgewebview2.exe (PID: 3332 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6032.3612.7348265561393428437 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 3652 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfab78e88,0x7ffdfab78e98,0x7ffdfab78ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 2932 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2484 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 3608 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2924 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 980 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2920 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 1236 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693313984 --mojo-platform-channel-handle=3272 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 2672 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693485965 --mojo-platform-channel-handle=3588 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 6580 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693635288 --mojo-platform-channel-handle=3776 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 6768 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693754114 --mojo-platform-channel-handle=4048 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 7288 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6697808392 --mojo-platform-channel-handle=4692 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)

msedgewebview2.exe (PID: 7352 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6698303265 --mojo-platform-channel-handle=4760 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)

UPNP.exe (PID: 2472 cmdline: "C:\Program Files\BitComet\tools\UPNP.exe" -add -app BitComet -lanip 192.168.2.4 -tcpport 9652 -udpport 9652 -q MD5: FEBBAF0C03103A63E0141A96535B7745)

BitCometService.exe (PID: 4140 cmdline: "C:\Program Files\BitComet\tools\BitCometService.exe" -service MD5: AE7FBFF183FF30913EBEB38913E8CFAD)

svchost.exe (PID: 5808 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 5180 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6740 -ip 6740 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7776 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6740 -ip 6740 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 4248 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
PrivateLoader	According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://any.run/cybersecurity-blog/privateloader-analyzing-the-encryption-and-decryption-of-a-modern-loader/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem	https://malpedia.caad.fkie.fraunhofer.de/details/win.privateloader

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Program Files\BitComet\tools\BitCometService.exe	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
C:\Program Files\BitComet\tools\VideoSnapshot.exe	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
C:\Program Files\BitComet\tools\VideoSnapshot.exe	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
C:\Users\user\AppData\Local\Temp\nsrA1A4.tmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000007.00000000.2218766402.0000000000401000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000000F.00000000.2414944136.0000000000401000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000000F.00000002.2966448744.0000000000401000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000001.00000003.2291295416.0000000000884000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_QueryWinSATClassID	Yara detected QueryWinSAT ClassID	Joe Security
00000007.00000002.2219985855.0000000000401000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
Process Memory Space: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp PID: 6740	JoeSecurity_QueryWinSATClassID	Yara detected QueryWinSAT ClassID	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author
7.0.BitCometService.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
7.2.BitCometService.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
15.2.BitCometService.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
15.0.BitCometService.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
5.2.BitComet_2.08a_setup.exe.2795664.2.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
5.2.BitComet_2.08a_setup.exe.2a24690.3.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
5.2.BitComet_2.08a_setup.exe.2795664.2.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
Click to see the 2 entries

Sigma Signatures

System Summary

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, ProcessId: 5688, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET ADWARE_PUP Win32/OfferCore Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 143.204.205.88

Timestamp:	2024-07-18T21:39:09.215258+0200
SID:	2053283
Source Port:	49753
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET ADWARE_PUP Win32/OfferCore Checkin M1 - Source IP: 192.168.2.4 - Destination IP: 13.249.12.125

Timestamp:	2024-07-18T21:38:07.239150+0200
SID:	2053280
Source Port:	49734
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET ADWARE_PUP Win32/OfferCore Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 13.249.12.125

Timestamp:	2024-07-18T21:38:57.817749+0200
SID:	2053283
Source Port:	49748
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET ADWARE_PUP Win32/OfferCore Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 13.249.12.125

Timestamp:	2024-07-18T21:38:09.209567+0200
SID:	2053283
Source Port:	49735
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET ADWARE_PUP Win32/OfferCore Checkin M2 - Source IP: 192.168.2.4 - Destination IP: 143.204.205.88

Timestamp:	2024-07-18T21:39:07.291314+0200
SID:	2053283
Source Port:	49750
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

ReversingLabs: Detection: 18%

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006814F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,	10_2_006814F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006817A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,	10_2_006817A0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00635870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	10_2_00635870
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00636220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,	10_2_00636220
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066E610 CryptMsgClose,	10_2_0066E610
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006367B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,	10_2_006367B0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066EB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,	10_2_0066EB60
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066F150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,	10_2_0066F150
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066F3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,	10_2_0066F3C0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000AB0E0 CryptDestroyHash,CryptDestroyHash,	11_2_000AB0E0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A9250 CryptGenRandom,GetLastError,__CxxThrowException@8,	11_2_000A9250
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A82F0 CryptDestroyHash,	11_2_000A82F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A9450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,	11_2_000A9450
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A8DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,	11_2_000A8DC0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A9020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,	11_2_000A9020
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A8260 CryptDestroyHash,	11_2_000A8260
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A9340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,	11_2_000A9340
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A94D0 CryptHashData,GetLastError,__CxxThrowException@8,	11_2_000A94D0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000C2660 CryptReleaseContext,	11_2_000C2660
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A8EF0 CryptReleaseContext,	11_2_000A8EF0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D10BB0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,	12_2_00D10BB0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D45AD0 CryptProtectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,CryptUnprotectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,	12_2_00D45AD0

Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_efd5b7aa-e

Bitcoin Miner

Source: C:\Program Files\BitComet\BitComet.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION BitComet.exe

Compliance

Uses 32bit PE files

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Found installer window with terms and condition text

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Window detected: HYPERLINK "http://www.bitcomet.com/doc/term-of-use.php" End User License AgreementHYPERLINK "https://www.bitcomet.com/doc/privacy-policy.php" Privacy PolicyThis will install BitComet to your computer click "Next" to continue.BitComet is a free BitTorrent download client! BitComet is powerful super-fast and easy-to-use.Welcome to BitComet Installer&NextCancel

Creates a directory in C:\Program Files

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ReadMe.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\License.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ChangeLog.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\BitComet.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\CrashReport.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\WebView2Loader.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ar.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-bg.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-bs.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ca.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-cs.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-da.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-de.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-el.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-en_US.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-es.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-et.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-eu.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-fa.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-fi.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-fr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-gl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-he.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-hr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-hu.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-hy.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-id.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-it.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ja.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-kk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-kn.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ko.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ku.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-lt.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-lv.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-mk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ms.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-nb.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ne.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-nl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-pl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-pt.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-pt_BR.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ro.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ru.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sq.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sv.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ta.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-th.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-tr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ug.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-uk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ur.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-vi.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-zh_CN.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-zh_TW.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\HowTo-Translate.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ip2location	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ip2location\ip2location.bin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ip2location\ip2location-country-multilingual.csv	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\UPNP.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\VideoSnapshot.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\Updater.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.png	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\ChromeLauncher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\ChromeLauncherManifest.json	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\ChromeExtension.crx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\EdgeExtension.crx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\FirefoxLauncherManifest.json	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\FirefoxExtension.xpi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometService.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\BitComet.url	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\uninst.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\analyticsmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\analyticstelemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\balloon_safe_annotation.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\browserhost.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\browserplugin.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\downloadscan.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\eventmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\icon_complete.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\icon_failed.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\icon_laptop.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jquery-1.9.0.min.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\l10n.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\logicmodule.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\logicscripts.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\lookupmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\main_close_large.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mcafeecerts.xml
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mcafee_pc_install_icon.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mcafee_pc_install_icon2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw-mwb.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw-nps.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw-webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\resource.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\resourcedll.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\servicehost.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\settingmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\taskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\telemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\uihost.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\uimanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\uninstaller.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\updater.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-common.css
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-core.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-install.css
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-install.html
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-ui-install.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-utils.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wataskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_check.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_check2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_close.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_close2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_error.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_logo.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_logo2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\webadvisor.ico
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wssdep.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-TW.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-zh-TW.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-zh-TW.js

Creates license or readme file

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\ReadMe.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\License.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-TW.txt

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Static PE information: certificate valid

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.205.88:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.25.171.187:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.205.88:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.25.171.187:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49870 version: TLS 1.2

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\develop\BitCometAgent_ActiveX\app\Release_Unicode\BitCometAgent_ActiveX.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb= source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000000.2390280020.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2964747983.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: E:\develop\tools\desktop-toasts\Release\BitCometToastsNotifier.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Source\Repos\DS-Platform\zbShield-Utils-CPP\zbShieldUtils\bin\Release\zbShieldUtils.pdb source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2405003876.00000000075E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\develop\BitComet_2.08a\app\Release_unicode_x64\GUI_BitComet_wx.pdb source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\Develop\BitCometExtension_IE\app\release_unicode\BitCometBHO.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdbx source: BitComet.exe, 0000000D.00000003.2405439939.0000023E831E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: #F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdbU source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 0000000B.00000000.2364390202.00000000000C3000.00000002.00000001.01000000.00000017.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2963084059.00000000000C3000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdb source: BitComet.exe, 0000000D.00000003.2405439939.0000023E831E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\develop\BitCometExtension_Chrome\bc_launcher_for_chrome\Release\ChromeLauncher.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp

Spreading

Yara detected PrivateLoader

Source: Yara match	File source: 7.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2a24690.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.2218766402.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2414944136.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2966448744.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2219985855.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files\BitComet\tools\BitCometService.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\BitComet\tools\VideoSnapshot.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsrA1A4.tmp, type: DROPPED

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\BitComet\BitComet.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_0040672B FindFirstFileW,FindClose,	5_2_0040672B
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	5_2_00405AFA
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_00402868 FindFirstFileW,	5_2_00402868
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D0C5F0 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,	12_2_00D0C5F0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D0A030 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,	12_2_00D0A030
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D34F20 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,	12_2_00D34F20

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

Yara detected PrivateLoader

Source: Yara match	File source: 7.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2a24690.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.2218766402.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2414944136.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2966448744.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2219985855.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files\BitComet\tools\BitCometService.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\BitComet\tools\VideoSnapshot.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsrA1A4.tmp, type: DROPPED

NDIS Filter Driver detected (likely used to intercept and sniff network traffic)

Source: icarus_product.dll0.39.dr

Static PE information: Found NDIS imports: FwpmCalloutDestroyEnumHandle0, FwpmFilterDestroyEnumHandle0, FwpmFreeMemory0, FwpmSubLayerDestroyEnumHandle0, FwpmSubLayerEnum0, FwpmEngineClose0, FwpmTransactionAbort0, FwpmEngineOpen0, FwpmCalloutEnum0, FwpmProviderDeleteByKey0, FwpmTransactionBegin0, FwpmFilterDeleteByKey0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterCreateEnumHandle0, FwpmSubLayerDeleteByKey0, FwpmCalloutDeleteByKey0, FwpmFilterEnum0

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.4:49788 -> 161.97.134.106:5437
Source: global traffic	UDP traffic: 192.168.2.4:9652 -> 87.98.162.88:6881
Source: global traffic	UDP traffic: 192.168.2.4:9652 -> 146.12.137.105:50214

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3
Source: Joe Sandbox View	IP Address: 34.160.176.28 34.160.176.28

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 122Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: /Authorization: Signature=c0ca984d9cd1b9e9ffdf6097b502a49003af5070b14ac3fa1760d15f36f3f81fUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 273Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: /Authorization: Signature=c0ca984d9cd1b9e9ffdf6097b502a49003af5070b14ac3fa1760d15f36f3f81fUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 289Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: /Authorization: Signature=c0ca984d9cd1b9e9ffdf6097b502a49003af5070b14ac3fa1760d15f36f3f81fUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 346Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: /Authorization: Signature=c0ca984d9cd1b9e9ffdf6097b502a49003af5070b14ac3fa1760d15f36f3f81fUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 354Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /start/en_us/2.08/ HTTP/1.1Host: inside.bitcomet.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /?random=1&style=iframe HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /app/veracrypt?style=iframe&link= HTTP/1.1Host: apphit.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IllZdWd4SGgxeCtkeEZoazN3RlFWcVE9PSIsInZhbHVlIjoiUFRaT1VuWXNhNEtXZlluK1ZoR29qMXY5dDFpTTVXUWFkSXA2dGVtZ0llckxNZVNtVS9TcVNhK0ZnZWRFM2U4VnhJdDhBN0I5Y3ZMZTdXU2hTMXpGMzJrTjlsZGllQ1MzNEFWTTZLRUpTTnJTVU1kbmM0dytaT05pTzZITnpqblAiLCJtYWMiOiI1ODNkMmQ0Njk0NjhiMzE0ZWM0OWU5Y2RmOGRmMDI2ZDNkZTg4ZGY4NGMzZTQ1NGU1OTlmY2EwNGY2Yjk4ODZjIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6IjNsamJxYVYza29BR0JyM2Z2ZzJvWWc9PSIsInZhbHVlIjoiWk9OQlZlditaSWxuVS9NVmVxRWtRQXVIcEtnam55VjZxdzFNMUxuMFVISjVYZEh6ZzRaZFBwK0dNR05hMXd6a0t6eWdiNDJDL2pPenpUTkJJUVgxMlRqN1cwMDVEcUJIYm4vSVNjckplM0w1RVArY3NsQm5NcnZvaDdDZFBBT1AiLCJtYWMiOiIyNjVkY2Y4MDQ2OWFlYjhhN2I3ODMwYTg3NjliM2YwODU0ZTIyN2QzNzM5ZGRlZGE3NmMxOTAxOTllZDY2MDU5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1201Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiL2R6S3ZyNE1Ua3UxWWNRR3V6eVBTUT09IiwgImhhc2giOiI1dy93RWx4MHV6MD0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /css/app.css HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apphit.com/app/veracrypt?style=iframe&link=Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IlRDUFdYME9ZcXBrM2hyNWNrYURDTEE9PSIsInZhbHVlIjoiQ2NPTmFwdzRQemwwOEQveERmMXBiYWJURnByZWljd1hKSEV0c1VSUWllQzZvSmRmdTJya05BSDREaVlEeVYxdWMrVEVUc2tGdS9GWUI1Vi8xYnJIZ2dHbzVLM1Bma3A1WXZzVzFsaTlFWHB5YUUxVE1sSUY5d0FxSGlOTWZNOGUiLCJtYWMiOiI5YjFkYmRlNmQxYWNmY2YwOGQ5NDIwNzFiYjg2MDIyMjUzZDJlOWI0ZmZlNmNkMGU3YjJiYmVhNzhiOTZmMzRmIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6Imc0WmF2ZDFDMjR5YTJOWG9tWG1MOGc9PSIsInZhbHVlIjoiQzc1OE00bCtvZzVUeW01ajlrVllXMkVCRDBuc1B5bFJwSHRWUUZKME5PeVYrbkpjSHByeU1Va1FlQ0lENTM2LzdiV1BnNDJnWi9IMVRwc0laaFU5KzVFWCtmNmZtNVZtT3dKMHdnT3g1Q2NUWHh0TDRUK0NPT0ZMMEdNOUhlWmsiLCJtYWMiOiI0Mzc4ZjEzZGJkMzc1ZGQwYzhmNzMwYTlkNjBhOWY4MzE2MjdhOTI2OTYwODk5OGIzZjljYWU2NjViZTE0YWJjIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /image/app/veracrypt/veracrypt-logo.svg HTTP/1.1Host: image.apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1258Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiQmkrNEUzcStmdEJyeE9CeXV2YXpOUT09IiwgImhhc2giOiJQaUtDV2sxbktPYz0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-BE27VNW489 HTTP/1.1Host: www.googletagmanager.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apphit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/toptraffic/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 754Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiamhZdUhSeUt2NkxSOVZrb08zSTRRQT09IiwgImhhc2giOiJnbWVMa0xJMk8zMD0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "170540185939602997400506234197983529371"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1129Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiODRuR2ZNbnhWUG9VaE9ZMlFmaHNPdz09IiwgImhhc2giOiJrQk5Rayt3Vlk0TT0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "636976985063396749.rel.v2"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/settings/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1129Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiODRuR2ZNbnhWUG9VaE9ZMlFmaHNPdz09IiwgImhhc2giOiJrQk5Rayt3Vlk0TT0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "2.0-0"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1643Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiYWVKQ0M0NjNpYzJlbjM1SmFqTTEzQT09IiwgImhhc2giOiIzS3F3WklmQ0lCZz0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/toptraffic/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1101Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiMDJYYmZmUGFWa1dmV2s5SU00WW1FZz09IiwgImhhc2giOiJ2L0VLYWlzcnBDTT0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "638004170464094982"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1101Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiMDJYYmZmUGFWa1dmV2s5SU00WW1FZz09IiwgImhhc2giOiJ2L0VLYWlzcnBDTT0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "638343870221005468"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/app/veracrypt?style=iframe&link=Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IlRDUFdYME9ZcXBrM2hyNWNrYURDTEE9PSIsInZhbHVlIjoiQ2NPTmFwdzRQemwwOEQveERmMXBiYWJURnByZWljd1hKSEV0c1VSUWllQzZvSmRmdTJya05BSDREaVlEeVYxdWMrVEVUc2tGdS9GWUI1Vi8xYnJIZ2dHbzVLM1Bma3A1WXZzVzFsaTlFWHB5YUUxVE1sSUY5d0FxSGlOTWZNOGUiLCJtYWMiOiI5YjFkYmRlNmQxYWNmY2YwOGQ5NDIwNzFiYjg2MDIyMjUzZDJlOWI0ZmZlNmNkMGU3YjJiYmVhNzhiOTZmMzRmIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6Imc0WmF2ZDFDMjR5YTJOWG9tWG1MOGc9PSIsInZhbHVlIjoiQzc1OE00bCtvZzVUeW01ajlrVllXMkVCRDBuc1B5bFJwSHRWUUZKME5PeVYrbkpjSHByeU1Va1FlQ0lENTM2LzdiV1BnNDJnWi9IMVRwc0laaFU5KzVFWCtmNmZtNVZtT3dKMHdnT3g1Q2NUWHh0TDRUK0NPT0ZMMEdNOUhlWmsiLCJtYWMiOiI0Mzc4ZjEzZGJkMzc1ZGQwYzhmNzMwYTlkNjBhOWY4MzE2MjdhOTI2OTYwODk5OGIzZjljYWU2NjViZTE0YWJjIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /images/favicon.png HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/app/veracrypt?style=iframe&link=Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IlRDUFdYME9ZcXBrM2hyNWNrYURDTEE9PSIsInZhbHVlIjoiQ2NPTmFwdzRQemwwOEQveERmMXBiYWJURnByZWljd1hKSEV0c1VSUWllQzZvSmRmdTJya05BSDREaVlEeVYxdWMrVEVUc2tGdS9GWUI1Vi8xYnJIZ2dHbzVLM1Bma3A1WXZzVzFsaTlFWHB5YUUxVE1sSUY5d0FxSGlOTWZNOGUiLCJtYWMiOiI5YjFkYmRlNmQxYWNmY2YwOGQ5NDIwNzFiYjg2MDIyMjUzZDJlOWI0ZmZlNmNkMGU3YjJiYmVhNzhiOTZmMzRmIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6Imc0WmF2ZDFDMjR5YTJOWG9tWG1MOGc9PSIsInZhbHVlIjoiQzc1OE00bCtvZzVUeW01ajlrVllXMkVCRDBuc1B5bFJwSHRWUUZKME5PeVYrbkpjSHByeU1Va1FlQ0lENTM2LzdiV1BnNDJnWi9IMVRwc0laaFU5KzVFWCtmNmZtNVZtT3dKMHdnT3g1Q2NUWHh0TDRUK0NPT0ZMMEdNOUhlWmsiLCJtYWMiOiI0Mzc4ZjEzZGJkMzc1ZGQwYzhmNzMwYTlkNjBhOWY4MzE2MjdhOTI2OTYwODk5OGIzZjljYWU2NjViZTE0YWJjIiwidGFnIjoiIn0%3D

Source: unknown	TCP traffic detected without corresponding DNS query: 161.97.134.106
Source: unknown	TCP traffic detected without corresponding DNS query: 161.97.134.106
Source: unknown	TCP traffic detected without corresponding DNS query: 161.97.134.106
Source: unknown	TCP traffic detected without corresponding DNS query: 161.97.134.106
Source: unknown	TCP traffic detected without corresponding DNS query: 161.97.134.106
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.183.192.109
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.200

Source: global traffic	HTTP traffic detected: GET /f/AVG_AV/images/1509/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /f/BitComet/1548_Updated/BitComet_2.08a_setup.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /f/AVG_AV/files/1319/avg.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d11iilsblp9z11.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /start/en_us/2.08/ HTTP/1.1Host: inside.bitcomet.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /?random=1&style=iframe HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /app/veracrypt?style=iframe&link= HTTP/1.1Host: apphit.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IllZdWd4SGgxeCtkeEZoazN3RlFWcVE9PSIsInZhbHVlIjoiUFRaT1VuWXNhNEtXZlluK1ZoR29qMXY5dDFpTTVXUWFkSXA2dGVtZ0llckxNZVNtVS9TcVNhK0ZnZWRFM2U4VnhJdDhBN0I5Y3ZMZTdXU2hTMXpGMzJrTjlsZGllQ1MzNEFWTTZLRUpTTnJTVU1kbmM0dytaT05pTzZITnpqblAiLCJtYWMiOiI1ODNkMmQ0Njk0NjhiMzE0ZWM0OWU5Y2RmOGRmMDI2ZDNkZTg4ZGY4NGMzZTQ1NGU1OTlmY2EwNGY2Yjk4ODZjIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6IjNsamJxYVYza29BR0JyM2Z2ZzJvWWc9PSIsInZhbHVlIjoiWk9OQlZlditaSWxuVS9NVmVxRWtRQXVIcEtnam55VjZxdzFNMUxuMFVISjVYZEh6ZzRaZFBwK0dNR05hMXd6a0t6eWdiNDJDL2pPenpUTkJJUVgxMlRqN1cwMDVEcUJIYm4vSVNjckplM0w1RVArY3NsQm5NcnZvaDdDZFBBT1AiLCJtYWMiOiIyNjVkY2Y4MDQ2OWFlYjhhN2I3ODMwYTg3NjliM2YwODU0ZTIyN2QzNzM5ZGRlZGE3NmMxOTAxOTllZDY2MDU5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /css/app.css HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apphit.com/app/veracrypt?style=iframe&link=Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IlRDUFdYME9ZcXBrM2hyNWNrYURDTEE9PSIsInZhbHVlIjoiQ2NPTmFwdzRQemwwOEQveERmMXBiYWJURnByZWljd1hKSEV0c1VSUWllQzZvSmRmdTJya05BSDREaVlEeVYxdWMrVEVUc2tGdS9GWUI1Vi8xYnJIZ2dHbzVLM1Bma3A1WXZzVzFsaTlFWHB5YUUxVE1sSUY5d0FxSGlOTWZNOGUiLCJtYWMiOiI5YjFkYmRlNmQxYWNmY2YwOGQ5NDIwNzFiYjg2MDIyMjUzZDJlOWI0ZmZlNmNkMGU3YjJiYmVhNzhiOTZmMzRmIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6Imc0WmF2ZDFDMjR5YTJOWG9tWG1MOGc9PSIsInZhbHVlIjoiQzc1OE00bCtvZzVUeW01ajlrVllXMkVCRDBuc1B5bFJwSHRWUUZKME5PeVYrbkpjSHByeU1Va1FlQ0lENTM2LzdiV1BnNDJnWi9IMVRwc0laaFU5KzVFWCtmNmZtNVZtT3dKMHdnT3g1Q2NUWHh0TDRUK0NPT0ZMMEdNOUhlWmsiLCJtYWMiOiI0Mzc4ZjEzZGJkMzc1ZGQwYzhmNzMwYTlkNjBhOWY4MzE2MjdhOTI2OTYwODk5OGIzZjljYWU2NjViZTE0YWJjIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /image/app/veracrypt/veracrypt-logo.svg HTTP/1.1Host: image.apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-BE27VNW489 HTTP/1.1Host: www.googletagmanager.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apphit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/app/veracrypt?style=iframe&link=Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IlRDUFdYME9ZcXBrM2hyNWNrYURDTEE9PSIsInZhbHVlIjoiQ2NPTmFwdzRQemwwOEQveERmMXBiYWJURnByZWljd1hKSEV0c1VSUWllQzZvSmRmdTJya05BSDREaVlEeVYxdWMrVEVUc2tGdS9GWUI1Vi8xYnJIZ2dHbzVLM1Bma3A1WXZzVzFsaTlFWHB5YUUxVE1sSUY5d0FxSGlOTWZNOGUiLCJtYWMiOiI5YjFkYmRlNmQxYWNmY2YwOGQ5NDIwNzFiYjg2MDIyMjUzZDJlOWI0ZmZlNmNkMGU3YjJiYmVhNzhiOTZmMzRmIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6Imc0WmF2ZDFDMjR5YTJOWG9tWG1MOGc9PSIsInZhbHVlIjoiQzc1OE00bCtvZzVUeW01ajlrVllXMkVCRDBuc1B5bFJwSHRWUUZKME5PeVYrbkpjSHByeU1Va1FlQ0lENTM2LzdiV1BnNDJnWi9IMVRwc0laaFU5KzVFWCtmNmZtNVZtT3dKMHdnT3g1Q2NUWHh0TDRUK0NPT0ZMMEdNOUhlWmsiLCJtYWMiOiI0Mzc4ZjEzZGJkMzc1ZGQwYzhmNzMwYTlkNjBhOWY4MzE2MjdhOTI2OTYwODk5OGIzZjljYWU2NjViZTE0YWJjIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /images/favicon.png HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/app/veracrypt?style=iframe&link=Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IlRDUFdYME9ZcXBrM2hyNWNrYURDTEE9PSIsInZhbHVlIjoiQ2NPTmFwdzRQemwwOEQveERmMXBiYWJURnByZWljd1hKSEV0c1VSUWllQzZvSmRmdTJya05BSDREaVlEeVYxdWMrVEVUc2tGdS9GWUI1Vi8xYnJIZ2dHbzVLM1Bma3A1WXZzVzFsaTlFWHB5YUUxVE1sSUY5d0FxSGlOTWZNOGUiLCJtYWMiOiI5YjFkYmRlNmQxYWNmY2YwOGQ5NDIwNzFiYjg2MDIyMjUzZDJlOWI0ZmZlNmNkMGU3YjJiYmVhNzhiOTZmMzRmIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6Imc0WmF2ZDFDMjR5YTJOWG9tWG1MOGc9PSIsInZhbHVlIjoiQzc1OE00bCtvZzVUeW01ajlrVllXMkVCRDBuc1B5bFJwSHRWUUZKME5PeVYrbkpjSHByeU1Va1FlQ0lENTM2LzdiV1BnNDJnWi9IMVRwc0laaFU5KzVFWCtmNmZtNVZtT3dKMHdnT3g1Q2NUWHh0TDRUK0NPT0ZMMEdNOUhlWmsiLCJtYWMiOiI0Mzc4ZjEzZGJkMzc1ZGQwYzhmNzMwYTlkNjBhOWY4MzE2MjdhOTI2OTYwODk5OGIzZjljYWU2NjViZTE0YWJjIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_edi=15&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DF43CEF16EBFB411D103FDD4B0F14B185F&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av&p_ram=8191&p_vbd=9241&p_vep=24&p_ves=6&p_vre=1898&repoid=release& HTTP/1.1Host: shepherd.avcdn.netUser-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0Accept: /Accept-Encoding: deflate, gzip
Source: global traffic	HTTP traffic detected: GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DF43CEF16EBFB411D103FDD4B0F14B185F&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av-vps&p_ram=8191&p_vbd=1806&p_vep=24&p_ves=7&p_vre=6883&repoid=release& HTTP/1.1Host: shepherd.avcdn.netUser-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0Accept: /Accept-Encoding: deflate, gzip

Source: global traffic	DNS traffic detected: DNS query: d11iilsblp9z11.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: www.bitcomet.com
Source: global traffic	DNS traffic detected: DNS query: analytics.apis.mcafee.com
Source: global traffic	DNS traffic detected: DNS query: honzik.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: v7event.stats.avast.com
Source: global traffic	DNS traffic detected: DNS query: sadownload.mcafee.com
Source: global traffic	DNS traffic detected: DNS query: analytics.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: router.bittorrent.com
Source: global traffic	DNS traffic detected: DNS query: router.utorrent.com
Source: global traffic	DNS traffic detected: DNS query: dht.transmissionbt.com
Source: global traffic	DNS traffic detected: DNS query: router.silotis.us
Source: global traffic	DNS traffic detected: DNS query: dht.libtorrent.org
Source: global traffic	DNS traffic detected: DNS query: update.bitcomet.com
Source: global traffic	DNS traffic detected: DNS query: inside.bitcomet.com
Source: global traffic	DNS traffic detected: DNS query: apphit.com
Source: global traffic	DNS traffic detected: DNS query: appassets.bitcomet.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: shepherd.avcdn.net

Source: unknown

HTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 122Host: d11iilsblp9z11.cloudfront.net

Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.000000000276B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ftp://http://%.20s%ddefault%d%.20scopying
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitCometService.exe, 00000007.00000000.2219056808.0000000000596000.00000002.00000001.01000000.00000011.sdmp, BitCometService.exe, 00000007.00000002.2220151186.0000000000596000.00000002.00000001.01000000.00000011.sdmp, BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://.css
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://.flvftp://https://flashget://thunder://
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitCometService.exe, 00000007.00000000.2219056808.0000000000596000.00000002.00000001.01000000.00000011.sdmp, BitCometService.exe, 00000007.00000002.2220151186.0000000000596000.00000002.00000001.01000000.00000011.sdmp, BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://.jpg
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://127.0.0.1
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://127.0.0.1/data
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://127.0.0.1Note:
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901166157.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2734027576.00000000054BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733544200.00000000057F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2883408378.0000000005448000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901068864.00000000056B0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901166157.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2734027576.00000000054BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901068864.00000000056B0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2737216588.00000000054BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: saBSI.exe, saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002E4E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crx
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crx4
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxm
Source: BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://cn.bitcomet.com/achive/BitComet_1.20_setup.exe
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://cn.bitcomet.com/achive/BitComet_1.20_setup.exemirror
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cnx.conceptsheartranch.com/
Source: BitComet.exe, 0000000D.00000003.2405439939.0000023E831E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/crashrpt/wiki/FAQ
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://crashfix.bitcomet.com/crashfix/index.php/crashReport/uploadExternalhttps://www.bitcomet.com/e
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2874180498.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.000000000540E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901328913.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901166157.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2734027576.00000000054BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733544200.00000000057F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2883408378.0000000005448000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901068864.00000000056B0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: msedgewebview2.exe, 00000021.00000003.2532289125.00003D28006AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crrev.com/c/2555698.
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
Source: BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://download.bitcomet.com/bitcomet/bitcomet_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.000000000276B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.atcomet.com/b/
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitCometService.exe, 00000007.00000000.2219056808.0000000000596000.00000002.00000001.01000000.00000011.sdmp, BitCometService.exe, 00000007.00000002.2220151186.0000000000596000.00000002.00000001.01000000.00000011.sdmp, BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: avg_antivirus_free_setup.exe, 0000000B.00000000.2364390202.00000000000C3000.00000002.00000001.01000000.00000017.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2963084059.00000000000C3000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://mirror.com/pub/
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://mirror.com/pub/file.exe
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://mirror.com/pub/folder_name/file1.exe
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://mirror.com/pub/folder_name/file2.exe
Source: BitComet_2.08a_setup.exe, 00000005.00000000.2148208697.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2245578736.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2221676510.00000000037CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901166157.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2734027576.00000000054BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901068864.00000000056B0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2737216588.00000000054BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901166157.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2734027576.00000000054BB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733544200.00000000057F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2883408378.0000000005448000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901068864.00000000056B0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733043815.00000000054BA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2874180498.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.000000000540E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901328913.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://push.ff.avast.com
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca.cer0
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/W
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2874180498.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.000000000540E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901328913.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com:80/cacert/codesigningrootr45.crt
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://subca.ocsp-certum.com01
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://subca.ocsp-certum.com02
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://subca.ocsp-certum.com05
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.fileshot.net/put/
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.fileshot.net/put/file_hashfile_sizefile_indexpic_indexvideo_durationvideo_resolution_x
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.fileshot.net/query/
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.fileshot.net/query/POST3api_versionvl_hashfile_size
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.fileshot.net/torrent/
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.fileshot.net/torrent/info_hashsize_index
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.sb.avast.com/V1/MD/
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: avg_antivirus_free_setup.exe, 0000000B.00000002.2971743307.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/
Source: avg_antivirus_free_setup.exe, 0000000B.00000002.2971743307.0000000004DFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/JH
Source: avg_antivirus_free_setup.exe, 0000000B.00000003.2391365686.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_setup.exe, 0000000B.00000003.2391365686.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgiC
Source: avg_antivirus_free_setup.exe, 0000000B.00000003.2391365686.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/WTUI
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/wtu.
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2245578736.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.bitcomet.com
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2633853589.0000000004EA5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.00000000074E9000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.bitcomet.com/doc/term-of-use.php
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2617899539.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bitcomet.com/doc/term-of-use.phprSj:
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2247774329.0000000000832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bitcomet.com/http://www.bitcomet.com/index-zh.htmHomePage
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.certum.pl/CPS0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2640404184.0000000006340000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388892493.0000000004E69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.2649478318.0000000002216000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1695476894.0000000002570000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.00000000075B6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/
Source: avg_antivirus_free_setup.exe, 0000000B.00000003.2391365686.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/C
Source: avg_antivirus_free_setup.exe, 0000000B.00000003.2391365686.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2971743307.0000000004DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect
Source: avg_antivirus_free_setup.exe, 0000000B.00000003.2391365686.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com:80/collect.
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2883408378.0000000005448000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901068864.00000000056B0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002E8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901224805.0000000005735000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002E8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mcafee.com
Source: BitComet.exe, 0000000D.00000003.2405439939.0000023E831E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000E.00000000.2411594882.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.wxwidgets.org
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://://:http://.cgtt
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/3517838/avg_online_security-latest.xpi?src=externa
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/details/avg-online-security
Source: saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2373312406.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E81000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record=
Source: saBSI.exe, 0000000A.00000003.2884586261.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2900191307.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorder
Source: saBSI.exe, 0000000A.00000002.2900191307.0000000005405000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorderK
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordm
Source: saBSI.exe, 0000000A.00000003.2895072615.0000000002E81000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002E81000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/x
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordY_DIST_AFFID_LIST
Source: saBSI.exe, 0000000A.00000003.2373312406.0000000002E8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordytics.apis.mcafee.com/mosai
Source: saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.comse
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418508115.000000000356A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2631626247.0000000003565000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2405702362.000000000358A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2496843336.000000000356B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2405758044.000000000356C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2419762782.000000000358A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2403613513.000000000356C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2536687235.0000000003565000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2547902689.000000000356A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2417641679.0000000003565000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2571577024.000000000356B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2514522947.000000000356B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2417641679.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2632392796.000000000356A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2546498050.0000000003565000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2447801969.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2454099658.000000000356A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003565000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2574209553.000000000356B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2610630444.000000000356B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2405758044.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003544000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25%
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25:7
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000000.2390280020.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2964747983.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25Sent
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2633304923.000000000354B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2611110279.0000000003549000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2419712721.000000000354A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003544000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2514751340.0000000003549000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2454044676.000000000354A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2632251172.000000000354A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2574990179.0000000003549000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2547506208.000000000354A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2406475523.0000000003549000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25l
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25s
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2405758044.000000000356C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25v
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net:443/v4/receive/json/254
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net:443/v4/receive/json/25t
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.qa.apis.mcafee.com
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Sof%
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Softwa
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/Eula/eula.htm
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/Eula/eula.html
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/Pri
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/Priv
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/Privao
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayP
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPo
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000843000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPol
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPoli
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.&
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.ht
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.htm_ZHg
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000824000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.html
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760710722.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.htmlcampaign:opera_reengagedRE
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://buddies.uno/Softwarer
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn-download.avastbrowser.com/avg_secure_browser_setup.exe
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://cdn.pawns.app/download/sdk/latest/windows/pawns-sdk.dll
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://cdn.pawns.app/download/sdk/latest/windows/pawns-sdk.dllPawnsSDK
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore/detail/avg-online-security/nbmoafcmbajniiapeidgficgifbfmjfo?utm_s
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2247774329.0000000000832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxSoftware
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxshow-windowargumentsas-32b-processsignedas-userworkin
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.2649478318.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1695476894.0000000002570000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2631975906.0000000003734000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E76000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002E73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.2649478318.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1695476894.0000000002570000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2631975906.00000000036F9000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2635025040.0000000004EE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.000000000756D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363617302.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2411164366.0000000004EE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zip
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363617302.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.zi6
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2635025040.0000000004EE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2411164366.0000000004EE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.ziI
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.zipvE30PraTCAoRM4emN7pEfhI;i
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.000000000756D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipi
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2635025040.0000000004EE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363617302.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2411164366.0000000004EE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.png
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngI.zip
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363617302.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngng
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2635025040.0000000004EE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2411164366.0000000004EE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngng36
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngngzA5vE30PraTCAoRM4emN7pEfhIdll
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.2649478318.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1695476894.0000000002570000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.00000000074E9000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000842000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.0000000007591000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000835000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/BitComet/1548_Updated/BitComet_2.08a_setup.exe
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.0000000000866000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/BitComet/1548_Updated/BitComet_2.08a_setup.exeJ
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2361027589.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2636705232.0000000004F47000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipEC8
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipEC84
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2636705232.0000000004F47000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipEC8D
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipEC8w
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipvE30PraTCAoRM4emN7pEfhIk
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2635025040.0000000004EE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363617302.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2411164366.0000000004EE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/images/NEW/EN.png
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2636705232.0000000004F47000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/images/NEW/EN.png3f81fk
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.2649478318.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1695476894.0000000002570000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2631975906.000000000374E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/o
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.2649478318.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1695476894.0000000002570000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2631975906.000000000374E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F70000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.00000000024BA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000082F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000837000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net/zbd
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2633853589.0000000004EA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d11iilsblp9z11.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://firefoxextension.avast.com/aos/update.json
Source: msedgewebview2.exe, 00000021.00000003.2532289125.00003D28006AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/6939#issuecomment-1016679588
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hns-legacy.sb.avast.com
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000842000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?iu
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2419762782.000000000358A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2632392796.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2610630444.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2571577024.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2631626247.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2417641679.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2496843336.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2574209553.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2632392796.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2610630444.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2571577024.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2631626247.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2574209553.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/(
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2454248813.0000000003578000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2454404990.000000000358A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2447801969.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2454099658.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/-
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2547902689.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2536687235.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/0
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2496843336.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/Y
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2403613513.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2405758044.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/defs/avg-av/release.xml.lzma
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
Source: avg_antivirus_free_setup.exe, 0000000B.00000002.2971743307.0000000004DFA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_setup.exe, 0000000B.00000002.2971743307.0000000004DFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeQ
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2454099658.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/2445/f8a0/b75b/2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2631626247.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/2603/2ae1/0582/26032ae10582074d1b38f8ad95372cfc56ce273d7a2766b2a0d
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2536687235.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/4d26/a67d/9fb8/4d26a67d9fb882ba9ddb9a8f90cfc0a1f17c5f526abb83671f6
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2536687235.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/9cad/b56d/c6bd/9cadb56dc6bdef59526a6aca8423fbda0000124bf15228cd536
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/9fcc/f245/57f7/9fccf24557f7691f06726fa651a35b48bdbac4556cb63188ca7
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2574209553.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/d936/7c5e/474b/d9367c5e474bca83cb06f583f2fb42ef2517d769cc82722201a
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/dbef/c0c1/a778/dbefc0c1a7785fe08ae05046f72095acf3f3bfc348d370c99e4
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net:443/universe/2603/2ae1/0582/26032ae10582074d1b38f8ad95372cfc56ce273d7a2766b
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net:443/universe/9cad/b56d/c6bd/9cadb56dc6bdef59526a6aca8423fbda0000124bf15228c
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net:443/universe/9fcc/f245/57f7/9fccf24557f7691f06726fa651a35b48bdbac4556cb6318
Source: msedgewebview2.exe, 00000021.00000003.2532289125.00003D28006AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
Source: msedgewebview2.exe, 00000021.00000003.2532289125.00003D28006AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#flow-content-3
Source: msedgewebview2.exe, 00000021.00000003.2532289125.00003D28006AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://id.avast.com/inAvastium
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://id.avg.com
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://identityprotection.avg.com
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm.avcdn.net/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000000.1694684999.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: BitComet_stats.exe, 00000008.00000002.2230476280.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228162848.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227044278.000000000070C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comsoft
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.avast.com
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pair.ff.avast.com
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://picsum.photos/364/202?image=883
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reasonlabs.com/policies
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.749/updatefile.json
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.m
Source: saBSI.exe, 0000000A.00000003.2401223602.0000000002F04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.co
Source: saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/
Source: saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/G
Source: saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/U
Source: saBSI.exe, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002E4E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 0000000A.00000003.2401095516.0000000005404000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 0000000A.00000003.2401223602.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xml
Source: saBSI.exe, 0000000A.00000003.2401095516.0000000005404000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xml/
Source: saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_Pa
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002E8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002E8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
Source: saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xmltT
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
Source: saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.
Source: saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2883408378.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884257310.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.0000000005421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
Source: saBSI.exe, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000003.2373312406.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
Source: saBSI.exe, 0000000A.00000003.2401223602.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.x
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
Source: saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
Source: saBSI.exe, saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json&
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json&X0
Source: saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonRS=2On
Source: saBSI.exe, 0000000A.00000003.2884586261.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2894779605.0000000005408000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
Source: saBSI.exe, 0000000A.00000003.2883408378.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884257310.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.0000000005421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlhe
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binaryFoxPathm
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/
Source: saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/64/installer.exe
Source: saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/64/installer.exeexeI
Source: saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/64/installer.exem
Source: saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/64/installer.exemd
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884586261.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2894505897.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2900191307.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2900118315.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884729376.00000000053F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xmlml
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xmlw
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa
Source: saBSI.exe, 0000000A.00000003.2884586261.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2894779605.0000000005408000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
Source: saBSI.exe, 0000000A.00000003.2883408378.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884257310.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.0000000005421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
Source: saBSI.exe, 0000000A.00000003.2489648876.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486098296.000000000545D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/saLOCALA
Source: saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
Source: saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/r
Source: saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/t
Source: saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com:443/products/SA/BSI/bsi_DistributionRules.xmlRECONDITION
Source: saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com:443/products/SA/v1/installer/4.1.1/914/64/installer.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.avcdn.net
Source: avg_antivirus_free_setup.exe, 0000000B.00000003.2388808034.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2633304923.000000000354B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.avcdn.net/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000843000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000083F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stream-production.avcdn.net
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://submit.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://viruslab-samples.sb.avast.com
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webcompanion.com/privacy
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webcompanion.com/terms
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.comhttps://hns-legacy.sb.avast.comhttps://submit.sb.avast.comhttps://virusl
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/en/license/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/en/license/u=
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/en/privacy/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000083F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000854000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula#pc
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-c
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000842000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-cv
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/privacy-policy
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/privacy-policy#pc
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/privacy-policy#pcl
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.0000000007566000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2633853589.0000000004EB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.00000000074E2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eula
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2360300158.0000000004F5D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2361467884.0000000004F54000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363199165.0000000004F68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eula/en-us/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2637685057.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F5E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409753961.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eula/en-us/g
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eula/en-us/policy/legal.html09/EN.pngI.zip.08a_s
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eulaL
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.000000000759F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/priv
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.000000000757B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363333750.0000000004F7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2636705232.0000000004F47000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002408000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2633853589.0000000004EB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.00000000074E2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacy
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2360300158.0000000004F5D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2361467884.0000000004F54000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363199165.0000000004F68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacy-us/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2637685057.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F5E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409753961.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacy-us/K
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacy-us/policy/legal.htmls/NEW/EN.pngipe
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F5E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409753961.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacynet/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacynet/f/WebAdvisor/images/NEW/EN.pngipS
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2637685057.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F5E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409753961.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacynet/j
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacynet/r
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.bitcomet.com
Source: BitComet_stats.exe, 00000008.00000003.2227384369.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230080233.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228368885.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230315967.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228249240.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/
Source: BitComet_stats.exe, 00000008.00000002.2230476280.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228162848.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227044278.000000000070C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/:
Source: BitComet_stats.exe, 00000008.00000002.2230476280.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228162848.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227044278.000000000070C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/J
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2247774329.0000000000832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/help/?item=install_firefox_extension&v=2.08&l=
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2247774329.0000000000832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=
Source: BitComet_2.08a_setup.exe	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=Bit
Source: BitComet_2.08a_setup.exe	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitC
Source: BitComet_stats.exe, 00000008.00000002.2230297660.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2229464470.0000000000670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64
Source: BitComet_stats.exe, 00000008.00000002.2230476280.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228162848.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227044278.000000000070C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64(
Source: BitComet_stats.exe, 00000008.00000003.2228323587.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228442765.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230297660.00000000006CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64.
Source: BitComet_stats.exe, 00000008.00000003.2228323587.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228442765.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230297660.00000000006CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64:
Source: BitComet_stats.exe, 00000008.00000003.2228323587.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230194299.00000000006C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64;
Source: BitComet_stats.exe, 00000008.00000003.2228323587.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230194299.00000000006C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64=
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2245578736.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, BitComet_stats.exe, 00000008.00000002.2229356875.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2229464470.0000000000670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64C:
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2247240321.0000000000610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64DAC:
Source: BitComet_stats.exe, 00000008.00000002.2228633981.0000000000190000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64R
Source: BitComet_stats.exe, 00000008.00000003.2228323587.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228442765.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230297660.00000000006CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64i
Source: BitComet_stats.exe, 00000008.00000002.2230476280.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228162848.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227044278.000000000070C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64r
Source: BitComet_stats.exe, 00000008.00000002.2229464470.0000000000670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64w
Source: BitComet_stats.exe, 00000008.00000003.2228323587.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230194299.00000000006C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64z
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2247774329.0000000000832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/client/install-without-google-cannot/?install=silence&l=
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.bitcomet.com/client/video-download/AddFlashAddPictureLinkAddPictureOpenBCTPListOpenBCTPD
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.00000000074E9000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/doc/privacy-policy.php
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000082E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/doc/privacy-policy.phpitComet
Source: BitComet.exe, 0000000D.00000003.2413977005.0000023E813D8000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2413761678.0000023E813C7000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000002.2418320040.0000023E813D9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2413848761.0000023E813D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/en/privacy-policy
Source: BitComet.exe, 0000000D.00000003.2413977005.0000023E813D8000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2413761678.0000023E813C7000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000002.2418320040.0000023E813D9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2413848761.0000023E813D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/en/privacy-policyI
Source: BitComet_stats.exe, 00000008.00000003.2227384369.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230315967.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228249240.00000000006D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bitcomet.com/t
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.bitcomet.comupdate
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.certum.pl/CPS0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2344093536.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2359323053.0000000006345000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2874180498.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.000000000540E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.000000000544A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2901328913.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2717611623.00000000054EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2733919705.00000000056F3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1700603344.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1698345675.00000000026B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000000.1702051510.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/lega
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.00000000007D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000824000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html$Z
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000824000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html5Z
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110764000.0000000000809000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmld
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000809000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlr
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002E4E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html6
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlD
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlY
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2617899539.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/F=
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/he/eula/computers
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/he/privacy
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000824000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/privacy-policy
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1700603344.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1698345675.00000000026B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000000.1702051510.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.winzip.com/win/en/eula.html
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.winzip.com/win/en/privacy.html

Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.249.12.125:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.205.88:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.25.171.187:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.205.88:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.25.171.187:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49870 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe

Code function: 5_2_0040558F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

5_2_0040558F

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes a notice file (html or txt) to demand a ransom

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe

File dropped: C:\Program Files\McAfee\Temp1561643107\jslang\eula-en-US.txt -> encryption key for your account secure because without them you may lose access to your data. you are solely responsible and liable for any activity that occurs under your account, including by anyone who uses your account. if there is any unauthorized use or access to your account, you must let us know immediately. we are not responsible for any loss caused by unauthorized use of or access to your account; however, you may be liable for any losses we or others suffer because of the unauthorized use. we do not have access to master passwords and cannot recover your encrypted data if you forget the master password for any password management feature or product. we offer both free and premium versions of our password and identity management software, and the free versions limit the maximum number of unique accounts (such as a website or application login) that you can store. if you have downloaded a premium version of the software at no cost during a promotion, then when the promotional period ends you will not

Jump to dropped file

Writes many files with high entropy

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe (copy) entropy: 7.99986272716	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0 (copy) entropy: 7.99597518735	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1 (copy) entropy: 7.99668482326	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0.zip (copy) entropy: 7.99597518735	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1.zip (copy) entropy: 7.99668482326	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Roaming\BitComet\fav\embed_bcfs.zip entropy: 7.99358347494	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Roaming\BitComet\fav\embed_bcfs_full.zip entropy: 7.99269261447	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Roaming\BitComet\fav\embed_bcsp.zip entropy: 7.99375900364	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Roaming\BitComet\fav\embed_bcxt.zip entropy: 7.99507714827	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe entropy: 7.99275939838	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\1802c68f-2f28-4075-9083-9e338a0c19c8 entropy: 7.99995619726	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\b160c05d-00aa-411d-8673-8b4473a458a7 entropy: 7.9998155782	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\c42c22c9-fabf-4e67-8f42-1d89e7da9849 entropy: 7.99988827099	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\e1423531-f6b5-40bf-a17c-6bfd64d490eb entropy: 7.99872246404	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\setupui.cont entropy: 7.99951433164	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\645cb7cb-fd81-4ba0-9161-5880e64c7118 entropy: 7.99948650564	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\c21d9a86-afda-4a33-9ad7-d657cb6d993a entropy: 7.99992383249	Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File created: C:\Users\user\AppData\Local\BitComet\EBWebView\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371 entropy: 7.99964947406	Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File created: C:\Users\user\AppData\Local\BitComet\EBWebView\SmartScreen\RemoteData\topTraffic_638004170464094982 entropy: 7.99962590804	Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File created: C:\Users\user\AppData\Local\BitComet\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2 entropy: 7.99333285467	Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File created: C:\Users\user\AppData\Local\BitComet\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris_0 entropy: 7.99333285467	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus.exe.lzma entropy: 7.99992146095	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_product.dll.lzma entropy: 7.99939738909	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99297729358	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\dump_process.exe.lzma entropy: 7.99979850494	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_product.dll.lzma entropy: 7.99990382609	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\bug_report.exe.lzma entropy: 7.99985706293	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_rvrt.exe.lzma entropy: 7.99297729358	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\aswOfferTool.exe.lzma entropy: 7.99980527255	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\setupui.cont entropy: 7.99951433164	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\mfw-webadvisor.cab entropy: 7.99753562082	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\mfw.cab entropy: 7.99533782215	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\servicehost.cab entropy: 7.99713063183	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\settingmanager.cab entropy: 7.99941777147	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\taskmanager.cab entropy: 7.99942858602	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\uihost.cab entropy: 7.99694976819	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\uimanager.cab entropy: 7.99951531158	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\uninstaller.cab entropy: 7.99951416644	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\updater.cab entropy: 7.99941364204	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\wataskmanager.cab entropy: 7.99988208039	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\wssdep.cab entropy: 7.99882239583	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\analyticsmanager.cab entropy: 7.99953278408	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\browserhost.cab entropy: 7.99940380547	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\browserplugin.cab entropy: 7.99921391906	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\downloadscan.cab entropy: 7.99975601196	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\eventmanager.cab entropy: 7.99960352381	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\logicmodule.cab entropy: 7.99960620162	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\lookupmanager.cab entropy: 7.99935848954	Jump to dropped file

System Summary

Found suspicious ZIP file

Source: FirefoxExtension.xpi.5.dr	Zip Entry: background.js
Source: FirefoxExtension.xpi.5.dr	Zip Entry: js/content.js
Source: FirefoxExtension.xpi.5.dr	Zip Entry: js/popup.js
Source: embed_bcfs.zip.5.dr	Zip Entry: assets/index-be2a7f67.js
Source: embed_bcfs_full.zip.5.dr	Zip Entry: assets/index-2f1e175b.js
Source: embed_bcsp.zip.5.dr	Zip Entry: assets/index-710fe85a.js
Source: embed_bcxt.zip.5.dr	Zip Entry: assets/index-8e5ef939.js

Contains functionality to call native functions

Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CEF920 GetModuleHandleW,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,	12_2_00CEF920
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CEBDA0 NtQueryInformationProcess,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,NtQueryInformationProcess,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,	12_2_00CEBDA0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CEBE60 NtQueryInformationProcess,	12_2_00CEBE60

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00636220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,

10_2_00636220

Contains functionality to launch a process as a different user

Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe

Code function: 12_2_00CED120 DuplicateTokenEx,CreateProcessAsUserW,CloseHandle,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,

12_2_00CED120

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe

Code function: 5_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

5_2_004034A5

Creates files inside the system directory

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_00404DCC	5_2_00404DCC
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_00406AF2	5_2_00406AF2
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040AC10	8_2_0040AC10
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040AED7	8_2_0040AED7
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040B77E	8_2_0040B77E
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040BB8A	8_2_0040BB8A
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040B3AA	8_2_0040B3AA
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040BFAA	8_2_0040BFAA
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00634F50	10_2_00634F50
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00638FB0	10_2_00638FB0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006370D9	10_2_006370D9
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0063F110	10_2_0063F110
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006573B0	10_2_006573B0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066D540	10_2_0066D540
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00671840	10_2_00671840
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00653AC0	10_2_00653AC0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066FFE0	10_2_0066FFE0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00668190	10_2_00668190
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006783A0	10_2_006783A0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066A540	10_2_0066A540
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00680660	10_2_00680660
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006B8609	10_2_006B8609
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0061A610	10_2_0061A610
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006747C0	10_2_006747C0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006C68E0	10_2_006C68E0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006728A0	10_2_006728A0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006A0919	10_2_006A0919
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006C0992	10_2_006C0992
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006C0AB2	10_2_006C0AB2
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006A0B4B	10_2_006A0B4B
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00612B00	10_2_00612B00
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00676D43	10_2_00676D43
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0069ADD0	10_2_0069ADD0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006A0DB0	10_2_006A0DB0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00648EA0	10_2_00648EA0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0061CF40	10_2_0061CF40
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0066F150	10_2_0066F150
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0065D2C0	10_2_0065D2C0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006AB340	10_2_006AB340
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006A933A	10_2_006A933A
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00615400	10_2_00615400
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0067B4F0	10_2_0067B4F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006B14AF	10_2_006B14AF
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00677602	10_2_00677602
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0061F830	10_2_0061F830
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006BD8E0	10_2_006BD8E0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006A390B	10_2_006A390B
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00673A30	10_2_00673A30
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0064FB40	10_2_0064FB40
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00643C50	10_2_00643C50
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0063BCB0	10_2_0063BCB0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00617D10	10_2_00617D10
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000A52F0	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000ABB70	11_2_000ABB70
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000BC9D0	11_2_000BC9D0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000C126C	11_2_000C126C
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000AD340	11_2_000AD340
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000AEDE0	11_2_000AEDE0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000BCE7E	11_2_000BCE7E
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000B66E4	11_2_000B66E4
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D2C3C0	12_2_00D2C3C0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D1E530	12_2_00D1E530
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D36780	12_2_00D36780
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D3AC40	12_2_00D3AC40
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D00F00	12_2_00D00F00
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D3D1D0	12_2_00D3D1D0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D45230	12_2_00D45230
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D1B420	12_2_00D1B420
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D35CA0	12_2_00D35CA0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D5FFB0	12_2_00D5FFB0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D06060	12_2_00D06060
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D96148	12_2_00D96148
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE0270	12_2_00CE0270
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE2390	12_2_00CE2390
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CEA370	12_2_00CEA370
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D5C5C0	12_2_00D5C5C0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00DA85FD	12_2_00DA85FD
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D8C5E3	12_2_00D8C5E3
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D02500	12_2_00D02500
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CCC530	12_2_00CCC530
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D68880	12_2_00D68880
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CCA8B0	12_2_00CCA8B0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE29D0	12_2_00CE29D0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CDE940	12_2_00CDE940
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D2A960	12_2_00D2A960
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE4AC0	12_2_00CE4AC0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D38CA0	12_2_00D38CA0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D8AC00	12_2_00D8AC00
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D5CD00	12_2_00D5CD00
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D42D20	12_2_00D42D20
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D84E40	12_2_00D84E40
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00DB0F43	12_2_00DB0F43
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CC1000	12_2_00CC1000
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D81180	12_2_00D81180
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D1D210	12_2_00D1D210
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D5F210	12_2_00D5F210
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00DA9383	12_2_00DA9383
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE3320	12_2_00CE3320
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D414D0	12_2_00D414D0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE1400	12_2_00CE1400
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D81400	12_2_00D81400
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D9D6B0	12_2_00D9D6B0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D0D6A0	12_2_00D0D6A0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D81750	12_2_00D81750
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D9B702	12_2_00D9B702
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D1D8C0	12_2_00D1D8C0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CDD950	12_2_00CDD950
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D2FAD0	12_2_00D2FAD0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE5AB0	12_2_00CE5AB0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D5DBD0	12_2_00D5DBD0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D25B20	12_2_00D25B20
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D61C50	12_2_00D61C50
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CFBC30	12_2_00CFBC30
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D5BD80	12_2_00D5BD80
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D95DBA	12_2_00D95DBA
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D85EE0	12_2_00D85EE0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D85FD0	12_2_00D85FD0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CF9FF0	12_2_00CF9FF0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CDDF80	12_2_00CDDF80
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CE1F10	12_2_00CE1F10
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CCBF20	12_2_00CCBF20
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D13F20	12_2_00D13F20

Found potential string decryption / allocating functions

Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: String function: 00CE7460 appears 92 times
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: String function: 00CD8750 appears 52 times
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: String function: 00D6D5B0 appears 41 times
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: String function: 00CE8120 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 00698713 appears 374 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 00698DFE appears 111 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 00621BE0 appears 67 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 006B4231 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 006985BF appears 56 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 00698E31 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 00658650 appears 192 times
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: String function: 00699600 appears 61 times

One or more processes crash

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6740 -ip 6740

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: BitComet.exe.5.dr	Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: BitComet.exe.5.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: BitComet.exe.5.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: BitComet.exe.5.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: BitComet.exe.5.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: BitComet.exe.5.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: BitComet.exe.5.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: BitComet.exe.5.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: installer.exe.10.dr	Static PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 28277285 bytes, 132 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 993 datablocks, 0x1 compression
Source: aswOfferTool.exe.39.dr	Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: installer.exe.40.dr	Static PE information: Resource name: DLL type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

PE file contains more sections than normal

Source: WebView2Loader.dll.5.dr

Static PE information: Number of sections : 12 > 10

PE file does not import any functions

Source: resource.dll.40.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1700603344.000000007FB50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.2649478318.00000000022D8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1698345675.00000000026B0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000000.1694935808.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

query blbeacon for getting browser version

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Key value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version

Jump to behavior

Source: classification engine

Classification label: mal46.rans.troj.evad.winEXE@65/491@81/16

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		5_2_004034A5
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00CEFAA0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,		12_2_00CEFAA0

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe

Code function: 5_2_00404850 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

5_2_00404850

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00624C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,

10_2_00624C8E

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe

Code function: 5_2_00402104 CoCreateInstance,

5_2_00402104

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe

Code function: 8_2_00409D65 FindResourceW,FindResourceW,LoadResource,LoadResource,LockResource,FindResourceW,LoadResource,LockResource,GetWindow,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,MapDialogRect,SetWindowContextHelpId,SetWindowPos,SysFreeString,GetWindow,SysFreeString,

8_2_00409D65

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe

File created: C:\Program Files\BitComet

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Program Files\BitComet\tools\UPNP.exe	Mutant created: \Sessions\1\BaseNamedObjects\{UPNP-ICF-A4AFA740-F3D0-4efc-B4BA-86948F1185D5}
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Mutant created: \Sessions\1\BaseNamedObjects\{08eb55fb-ff61-4fb7-8e9d-c036008acc06}Installer
Source: C:\Program Files\BitComet\tools\UPNP.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Mutant created: \Sessions\1\BaseNamedObjects\Global\{08eb55fb-ff61-4fb7-8e9d-c036008acc06}Installer
Source: C:\Program Files\BitComet\tools\UPNP.exe	Mutant created: \Sessions\1\BaseNamedObjects\{UPNP-NAT-0C3AE491-163B-4752-A532-E2383776602D}
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\e5d51690dec58ca5e0a518c5e0dea31c
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files\BitComet\BitComet.exe	Mutant created: \Sessions\1\BaseNamedObjects\75DAD82D-A77F-49e5-ADD3-8F11C1940689
Source: C:\Program Files\BitComet\BitComet.exe	Mutant created: \Sessions\1\BaseNamedObjects\{SIMPLEBT-53DE14D9-A616-4ff0-BA62-9DF424D0665C}
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Mutant created: \BaseNamedObjects\75DAD82D-A77F-49e5-ADD3-8F11C1940689
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files\BitComet\BitComet.exe	Mutant created: \Sessions\1\BaseNamedObjects\{SIMPLEBT-D19EACFB-5FD1-4615-A179-A9B9E38A6506}
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6740
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\494f9fb603da4b2ac88f6f0b075abb5e

Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

File created: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /silent	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /cookie	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /ppi_icd	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /cust_ini	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Enabled	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxyType	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Port	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: User	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Password	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Properties	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /smbupd	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: enable	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: mirror	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: count	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: servers	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: urlpgm	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: server0	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: http://	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: https://	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: allow_fallback	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: mirror	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: installer.exe	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: {versionSwitch}	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: stable	11_2_000A52F0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: %s\%s	11_2_000A52F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

ReversingLabs: Detection: 18%

Source: BitComet_2.08a_setup.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe" https://www.bitcomet.com/client/install-stats/?l=en_us&file=Bit
Source: BitComet_2.08a_setup.exe	String found in binary or memory: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe" https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitC

Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe

Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess

graph_8-6208

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Process created: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp "C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp" /SL5="$10418,1635575,878080,C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe"
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe" /S
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" /reg
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe "C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe" https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5 /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Program Files\BitComet\BitComet.exe "C:\Program Files\BitComet\BitComet.exe" --no_elevated
Source: unknown	Process created: C:\Program Files\BitComet\BitComet.exe "C:\Program Files\BitComet\BitComet.exe"
Source: unknown	Process created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" -service
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 9652 -udpport 9652 -q
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6740 -ip 6740
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6032.3612.7348265561393428437
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfab78e88,0x7ffdfab78e98,0x7ffdfab78ea8
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2484 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2924 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -add -app BitComet -lanip 192.168.2.4 -tcpport 9652 -udpport 9652 -q
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2920 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693313984 --mojo-platform-channel-handle=3272 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693485965 --mojo-platform-channel-handle=3588 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693635288 --mojo-platform-channel-handle=3776 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693754114 --mojo-platform-channel-handle=4048 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6697808392 --mojo-platform-channel-handle=4692 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6698303265 --mojo-platform-channel-handle=4760 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6740 -ip 6740
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\icarus-info.xml /install /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3 /track-guid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Process created: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp "C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp" /SL5="$10418,1635575,878080,C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe" /S	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Program Files\BitComet\BitComet.exe "C:\Program Files\BitComet\BitComet.exe" --no_elevated	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" /reg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe "C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe" https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5 /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\icarus-info.xml /install /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3 /track-guid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 9652 -udpport 9652 -q
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6032.3612.7348265561393428437
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -add -app BitComet -lanip 192.168.2.4 -tcpport 9652 -udpport 9652 -q
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6740 -ip 6740
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6740 -ip 6740
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfab78e88,0x7ffdfab78e98,0x7ffdfab78ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2484 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2924 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2920 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693313984 --mojo-platform-channel-handle=3272 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693485965 --mojo-platform-channel-handle=3588 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693635288 --mojo-platform-channel-handle=3776 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693754114 --mojo-platform-channel-handle=4048 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6697808392 --mojo-platform-channel-handle=4692 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6698303265 --mojo-platform-channel-handle=4760 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process created: unknown unknown
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: zipfldr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanagersvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: netprofm.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: npmproxy.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: version.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: dpapi.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: winhttp.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: mswsock.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: winnsi.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: webio.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: sspicli.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: schannel.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: msasn1.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: gpapi.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Section loaded: apphelp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: apphelp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: winmm.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: urlmon.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: wininet.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: msimg32.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: version.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: oleacc.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: iertutil.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: srvcli.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: netutils.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: wldp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: profapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: taskschd.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: sspicli.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: xmllite.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: winmm.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: urlmon.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: wininet.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: msimg32.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: version.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: oleacc.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: iertutil.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: srvcli.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: netutils.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: wldp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: profapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: mswsock.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: sspicli.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: winhttp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: winnsi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: propsys.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: edputil.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: wintypes.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: appresolver.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: slc.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: userenv.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: sppc.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: apphelp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: firewallapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: fwbase.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: linkinfo.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: textshaping.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: webview2loader.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: thumbcache.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: policymanager.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dataexchange.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: d3d11.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dcomp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dxgi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: ntshrui.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: cscapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: taskflowdataengine.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: cdp.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: umpdc.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dsreg.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dwmapi.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\BitComet\BitComet.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: winmm.dll
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: version.dll
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: apphelp.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: version.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: winmm.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: wininet.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: firewallapi.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: fwbase.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: hnetcfg.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: atl.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: userenv.dll
Source: C:\Program Files\BitComet\tools\UPNP.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: BitComet.lnk.5.dr	LNK file: ..\..\..\..\..\..\Program Files\BitComet\BitComet.exe
Source: HomePage.lnk.5.dr	LNK file: ..\..\..\..\..\..\Program Files\BitComet\BitComet.url
Source: Uninstall.lnk.5.dr	LNK file: ..\..\..\..\..\..\Program Files\BitComet\uninst.exe
Source: BitComet.lnk0.5.dr	LNK file: ..\..\..\Program Files\BitComet\BitComet.exe

Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe

File written: C:\ProgramData\AVG\Icarus\settings\proxy.ini

Reads the Windows registered owner settings

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Executable creates window controls seldom found in malware

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Found GUI installer (many successful clicks)

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Automated click: Next

Uses Rich Edit Controls

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Found installer window with terms and condition text

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Found window with many clickable UI elements (buttons, textforms, scrollbars etc)

Source: C:\Program Files\BitComet\BitComet.exe	Window detected: Number of UI elements: 40
Source: C:\Program Files\BitComet\BitComet.exe	Window detected: Number of UI elements: 40
Source: C:\Program Files\BitComet\BitComet.exe	Window detected: Number of UI elements: 40
Source: C:\Program Files\BitComet\BitComet.exe	Window detected: Number of UI elements: 40
Source: C:\Program Files\BitComet\BitComet.exe	Window detected: Number of UI elements: 40

Creates a directory in C:\Program Files

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ReadMe.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\License.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ChangeLog.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\BitComet.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\CrashReport.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\WebView2Loader.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ar.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-bg.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-bs.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ca.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-cs.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-da.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-de.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-el.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-en_US.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-es.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-et.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-eu.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-fa.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-fi.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-fr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-gl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-he.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-hr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-hu.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-hy.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-id.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-it.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ja.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-kk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-kn.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ko.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ku.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-lt.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-lv.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-mk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ms.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-nb.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ne.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-nl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-pl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-pt.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-pt_BR.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ro.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ru.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sl.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sq.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-sv.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ta.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-th.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-tr.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ug.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-uk.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-ur.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-vi.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-zh_CN.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\bitcomet-zh_TW.mo	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\lang\HowTo-Translate.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ip2location	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ip2location\ip2location.bin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\ip2location\ip2location-country-multilingual.csv	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\UPNP.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\VideoSnapshot.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\Updater.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.png	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\ChromeLauncher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\ChromeLauncherManifest.json	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\ChromeExtension.crx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\EdgeExtension.crx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\FirefoxLauncherManifest.json	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\FirefoxExtension.xpi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\tools\BitCometService.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\BitComet.url	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Directory created: C:\Program Files\BitComet\uninst.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\analyticsmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\analyticstelemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\balloon_safe_annotation.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\browserhost.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\browserplugin.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\downloadscan.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\eventmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\icon_complete.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\icon_failed.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\icon_laptop.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jquery-1.9.0.min.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\l10n.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\logicmodule.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\logicscripts.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\lookupmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\main_close_large.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mcafeecerts.xml
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mcafee_pc_install_icon.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mcafee_pc_install_icon2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw-mwb.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw-nps.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw-webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\mfw.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\resource.dll
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\resourcedll.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\servicehost.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\settingmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\taskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\telemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\uihost.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\uimanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\uninstaller.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\updater.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-common.css
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-core.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-install.css
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-install.html
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-ui-install.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa-utils.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wataskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_check.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_check2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_close.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_close2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_install_error.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_logo.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wa_logo2.png
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\webadvisor.ico
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\wssdep.cab
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-TW.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-install-zh-TW.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Directory created: C:\Program Files\McAfee\Temp1561643107\jslang\wa-res-shared-zh-TW.js

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Static file information: File size 2576200 > 1048576

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\develop\BitCometAgent_ActiveX\app\Release_Unicode\BitCometAgent_ActiveX.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb= source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2418861617.0000000005B49000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000000.2390280020.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2964747983.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: E:\develop\tools\desktop-toasts\Release\BitCometToastsNotifier.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Source\Repos\DS-Platform\zbShield-Utils-CPP\zbShieldUtils\bin\Release\zbShieldUtils.pdb source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2405003876.00000000075E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\develop\BitComet_2.08a\app\Release_unicode_x64\GUI_BitComet_wx.pdb source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2539291834.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\Develop\BitCometExtension_IE\app\release_unicode\BitCometBHO.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdbx source: BitComet.exe, 0000000D.00000003.2405439939.0000023E831E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: #F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdbU source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2450616405.0000000005E8C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 0000000B.00000000.2364390202.00000000000C3000.00000002.00000001.01000000.00000017.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2963084059.00000000000C3000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdb source: BitComet.exe, 0000000D.00000003.2405439939.0000023E831E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\develop\BitCometExtension_Chrome\bc_launcher_for_chrome\Release\ChromeLauncher.pdb source: BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe

Code function: 8_2_0040A15D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,

8_2_0040A15D

PE file contains an invalid checksum

Source: uninst.exe.5.dr	Static PE information: real checksum: 0x1a4dfb5 should be: 0x142315
Source: BitCometService.exe.5.dr	Static PE information: real checksum: 0x294eeb should be: 0x294d8d
Source: BitCometService.exe0.5.dr	Static PE information: real checksum: 0x294eeb should be: 0x294d8d
Source: System.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x9091
Source: zbShieldUtils.dll.1.dr	Static PE information: real checksum: 0x0 should be: 0x20647e
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0x2fb5da
Source: BcNsisHelperXP.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x31b07
Source: BcNsisHelper.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x3103df

PE file contains sections with non-standard names

Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Static PE information: section name: .didata
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp.0.dr	Static PE information: section name: .didata
Source: saBSI.exe.1.dr	Static PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.1.dr	Static PE information: section name: .didat
Source: BitComet.exe.5.dr	Static PE information: section name: .detourc
Source: BitComet.exe.5.dr	Static PE information: section name: .detourd
Source: WebView2Loader.dll.5.dr	Static PE information: section name: .00cfg
Source: WebView2Loader.dll.5.dr	Static PE information: section name: .gxfg
Source: WebView2Loader.dll.5.dr	Static PE information: section name: .retplne
Source: WebView2Loader.dll.5.dr	Static PE information: section name: .voltbl
Source: WebView2Loader.dll.5.dr	Static PE information: section name: _RDATA
Source: VideoSnapshot.exe.5.dr	Static PE information: section name: _TEXT64
Source: VideoSnapshot.exe.5.dr	Static PE information: section name: _RDATA
Source: installer.exe.10.dr	Static PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.11.dr	Static PE information: section name: .didat
Source: icarus_ui.exe.12.dr	Static PE information: section name: _RDATA
Source: dump_process.exe.12.dr	Static PE information: section name: .didat
Source: dump_process.exe.12.dr	Static PE information: section name: _RDATA
Source: bug_report.exe.12.dr	Static PE information: section name: _RDATA
Source: icarus.exe.12.dr	Static PE information: section name: .didat
Source: icarus.exe.12.dr	Static PE information: section name: _RDATA
Source: bug_report.exe.39.dr	Static PE information: section name: _RDATA
Source: dump_process.exe.39.dr	Static PE information: section name: .didat
Source: dump_process.exe.39.dr	Static PE information: section name: _RDATA
Source: icarus.exe.39.dr	Static PE information: section name: .didat
Source: icarus.exe.39.dr	Static PE information: section name: _RDATA
Source: icarus_ui.exe.39.dr	Static PE information: section name: _RDATA
Source: dump_process.exe0.39.dr	Static PE information: section name: .didat
Source: dump_process.exe0.39.dr	Static PE information: section name: _RDATA
Source: bug_report.exe0.39.dr	Static PE information: section name: _RDATA
Source: icarus.exe0.39.dr	Static PE information: section name: .didat
Source: icarus.exe0.39.dr	Static PE information: section name: _RDATA
Source: icarus_product.dll.39.dr	Static PE information: section name: _RDATA
Source: icarus_product.dll0.39.dr	Static PE information: section name: _RDATA
Source: installer.exe.40.dr	Static PE information: section name: .didat
Source: installer.exe.40.dr	Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040ABF1 push ecx; ret	8_2_0040AC04
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00698DDB push ecx; ret	10_2_00698DEE
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006C7CFD push ecx; ret	10_2_006C7D12
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000B1396 push ecx; ret	11_2_000B13A9
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D6D178 push ecx; ret	12_2_00D6D18B

Source: BitCometService.exe.5.dr	Static PE information: section name: .text entropy: 6.931897898159348
Source: BitCometService.exe0.5.dr	Static PE information: section name: .text entropy: 6.931897898159348
Source: VideoSnapshot.exe.5.dr	Static PE information: section name: .text entropy: 6.902269600709831

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	11_2_000AA100
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	12_2_00D640A0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	12_2_00D64380
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	12_2_00D646E0

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\Updater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\is-3V26O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\zbShieldUtils.dll	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	File created: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\resource.dll	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\bug_report.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_product.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BcNsisHelper.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\ChromeLauncher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitCometService.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	File created: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\bug_report.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_product.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_ui.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_rvrt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\VideoSnapshot.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus_ui.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\uninst.exe	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus_mod.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\BitComet.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\aswOfferTool.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BcNsisHelperXP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\WebView2Loader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\System.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\UPNP.exe	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\BitCometService.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\http_Downloader.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\CrashReport.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_rvrt.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe

Code function: 11_2_000A52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,

11_2_000A52F0

Creates license or readme file

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\ReadMe.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\Program Files\BitComet\License.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	File created: C:\Program Files\McAfee\Temp1561643107\jslang\eula-zh-TW.txt

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	11_2_000AA100
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	12_2_00D640A0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	12_2_00D64380
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	12_2_00D646E0

Creates or modifies windows services

Source: C:\Program Files\BitComet\tools\BitCometService.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITCOMET_HELPER_SERVICE

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)\BitComet.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)\HomePage.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)\Uninstall.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00650540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,

10_2_00650540

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\BitComet\BitComet.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\BitComet\tools\UPNP.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\BitComet\tools\UPNP.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\BitComet\tools\UPNP.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\BitComet\tools\UPNP.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Stores large binary data to the registry

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\BitComet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <DEST>%PRODUCT_INST_A64%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe

Memory allocated: 31C0000 memory reserve | memory write watch

Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Program Files\BitComet\tools\BitCometService.exe

Code function: 7_2_00401440 rdtsc

7_2_00401440

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00624C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,

10_2_00624C8E

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files\BitComet\BitComet.exe	Window / User API: foregroundWindowGot 449
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Window / User API: threadDelayed 2860

Found dropped PE file which has not been started or loaded

Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\tools\Updater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\zbShieldUtils.dll	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Dropped PE file which has not been started: C:\Program Files\McAfee\Temp1561643107\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	Dropped PE file which has not been started: C:\Program Files\McAfee\Temp1561643107\resource.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\bug_report.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_product.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BcNsisHelper.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\tools\ChromeLauncher.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\bug_report.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_product.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_ui.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_rvrt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\tools\VideoSnapshot.exe	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus_ui.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\uninst.exe	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus_mod.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\aswOfferTool.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BcNsisHelperXP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\System.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\dump_process.exe	Jump to dropped file
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\http_Downloader.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\CrashReport.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_rvrt.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Dropped PE file which has not been started: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp TID: 6952	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp TID: 6968	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe TID: 6384	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 6996	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe TID: 3052	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\BitComet\tools\BitCometService.exe TID: 4388	Thread sleep count: 2860 > 30
Source: C:\Windows\System32\svchost.exe TID: 1228	Thread sleep time: -30000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe

File opened: PhysicalDrive0

Queries keyboard layouts

Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Program Files\BitComet\tools\BitCometService.exe	Last function: Thread delayed
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Last function: Thread delayed

Sleep loop found (likely to delay execution)

Source: C:\Program Files\BitComet\tools\BitCometService.exe

Thread sleep count: Count: 2860 delay: -10

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File Volume queried: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File Volume queried: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp FullSizeInformation	Jump to behavior
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\blob_storage\6b9348ea-9fc1-4c1f-a7d2-490662dd4467 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	File Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_0040672B FindFirstFileW,FindClose,	5_2_0040672B
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	5_2_00405AFA
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Code function: 5_2_00402868 FindFirstFileW,	5_2_00402868
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D0C5F0 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,	12_2_00D0C5F0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D0A030 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,	12_2_00D0A030
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D34F20 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,	12_2_00D34F20

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00682782 VirtualQuery,GetSystemInfo,

10_2_00682782

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2394853669.0000000003538000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:U
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2633853589.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "ctu":"https://home.mcafee.com/Root/AboutUs.aspx?id=eula","pv":"1.26","ov":63,"ud":true,"v":4}},{"ad":{"n":"","f":"ZB_TotalSecurity_V4","o":"TotalSecurity_AV"},"ps":{"i":"TotalSecurity_AV/images/1127/V4/EN.png","dn":"360 Total Security","u":"TotalSecurity_AV/files/1127/ts360Setup.zip","p":"/s","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360,
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227227262.000000000071F000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228162848.0000000000701000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227044278.0000000000700000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230382325.0000000000701000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2373312406.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWe6
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2405758044.000000000355C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2631626247.0000000003555000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2611110279.0000000003549000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2447801969.000000000355C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2417641679.0000000003559000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2403430429.0000000003559000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003544000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2571577024.000000000355B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2536687235.000000000355A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000087E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.0
Source: BitComet_stats.exe, 00000008.00000003.2228249240.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230315967.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227384369.00000000006E3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp{p%SystemRoot%\system32\mswsock.dll
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2373312406.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%r
Source: saBSI.exe, 0000000A.00000002.2897708570.0000000002E76000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002E73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000861000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2392210299.0000000003537000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: BitComet_2.08a_setup.exe, 00000005.00000002.2247774329.000000000080F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: /\..\\?\UNC\/\\\?\::..*NULCOM7COM6COM9COM8COM3COM2COM5COM4AUXPRNCOM1NULCON.cmd.pif.bat.scf .LPT9.scr.comLPT6LPT5LPT8LPT7LPT2LPT1LPT4LPT3.webm.mov.ogv.ogm.mpeg.mpg.mpv.m4v.avi.rm.asf.wmv.xpi.vbs.rmvb.apk.ps.m2ts.mod.ts.scm.f4v.hlv.ifo.3g2.3gpp.pmp.3gp2.qt.divx.3gp.vob.mp2.flac.wv.mpa.mpga.ape.vqf.amr.aac.au.wma.ogg.mp3.mid.ram.ra.svgz.svg.tif.tiff.pct.pict.psd.pic.jp2.jpg2.pcx.pcd.dff.dsf.emf.epsntfs.nrghgfsapfs.ccd.iso.mds.cue.gz.7z.rar.bz2.wmf.tga.xpm.xbmhfsfuse-rcloneext2exfatrefsext3
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ln:opera_new_a","c":"opera_new_a","a":["OperaSetup","OperaSetup.exe","OperaGXSetup.exe","OperaGXSetup"],"r":["Opera Software"],"cp":"https://www.opera.com/he/privacy","ctu":"https://www.opera.com/he/eula/computers","ov":100,"cbfo":true,"pv":"1.23","v":3,"x":3}},{"ad":{"n":"","f":"ZB_WZ_V1","o":"WeatherZero"},"ps":{"i":"WeatherZero/images/969/EN.png","dn":"WeatherZero","u":"WeatherZero/files/969/WZSetup.zip","p":"/S /tpchannelid=1571 /distid=App123","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\WeatherZero"],"cp":"https://www.premieropinion.com/privacy-policy","ctu":"https://www.premieropinion.com/common/termsofservice-v1","pv":"1.26","cbfo":true,"v":4}},{"ad":{"n":"","f":"ZB_AVG_TuneUp","o":"AVG_TuneUp"},"ps":{"dn":"AVG TuneUp","i":"AVG_TuneUp/images/1543/EN.png","u":"AVG_TuneUp/files/1543/Fixed_Build/avg_tuneup_online_setup.zip","p":"/silent /delayUIStart:120","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\CCleaner","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Cleanup","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG TuneUp","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avira Security_is1","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Norton Utilities"],"cp":"https://www.avast.com/privacy-policy#pc","ctu":"https://www.avast.com/eula#pc","ov":61,"ram":1000,"disk":2000,"pv":"1.32","v":5}},{"ad":{"n":9,"nn":"Med_Ntiles","f":"ZB_Avast","o":"AVAST"},"ps":{"i":"AVAST/images/DOTPS-1511/547X280/EN.png","dn":"Avast Antivirus","u":"AVAST/files/cookie_mmm_irs_ppi_005_888_a.zip","p":"/silent /ws /psh:{pxl}","rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"r":["AVAST Software\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4CB91122-AA85-4431-953C-BEFAEC86DA97}_is1","WebBar","WebDiscoverBrowser","AVG\\Antivirus\\Version","AVG\\AV\\Dir"],"a":["AvastSvc","instup","AvastUI","AVGUI","avguix","AVGSvc","avgsvca"],"ctu":"https://www.avast.com/eula-avast-consumer-products","cp":"https://www.avast.com/privacy-policy","ov":61,"cbfo":true,"avauc":true,"avur":"AvUninstallTimestamp","pv":"1.29","x":12,"disk":2560,"ram":256,"iapp":["chrome.exe"],"v":1}},{"ad":{"n":"","f":"ZB_MSSP","o":"MSSP"},"ps":{"i":"MSSP/images/lightBG/EN.png","dn":"MSSP","u":"MSSP/files/DOTPS-595/securityscan_release_small.zip","p":"/silent","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}","McAfee\\SiteAdvisor","McAfee\\WebAdvisor","Microsoft\\Windows\\CurrentVersion\\Uninstall\\McAfee Security Scan"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cp":"https://www.mcafee.com/consumer/en-us/policy/global/legal.html","ctu":"https://home.mcafee.com/Root/AboutUs.aspx?id=eula","pv":"1.26","ov":63,"ud":true,"v":4}},{"ad
Source: BitComet.exe, 0000000D.00000002.2417931691.0000023E813D6000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2413761678.0000023E813C7000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2413848761.0000023E813D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2390793491.000000000350E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Volume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:++<
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: S":"ZB_Avast","o":"AVAST"},"ps":{"i":"AVAST/images/DOTPS-1511/547X280/EN.png","dn":"Avast Antivirus","u":"AVAST/files/cookie_mmm_irs_ppi_005_888_a.zip","p":"/silent /ws /psh:{pxl}","rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"r":["AVAST Software\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4CB91122-AA85-4431-953C-BEFAEC86DA97}_is1","WebBar","WebDiscoverBrowser","AVG\\Antivirus\\Version","AVG\\AV\\Dir"],"a":["AvastSvc","instup","AvastUI","AVGUI","avguix","AVGSvc","avgsvca"],"ctu":"https://www.avast.com/eula-avast-consumer-products","cp":"https://www.avast.com/privacy-policy","ov":61,"cbfo":true,"avauc":true,"avur":"AvUninstallTimestamp","pv":"1.29","x":12,"disk":2560,"ram":256,"iapp":["chrome.exe"],"v":1}},{"ad":{"n":"","f":"ZB_MSSP","o":"MSSP"},"ps":{"i":"MSSP/images/lightBG/EN.png","dn":"MSSP","u":"MSSP/files/DOTPS-595/securityscan_release_small.zip","p":"/silent","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}","McAfee\\SiteAdvisor","McAfee\\WebAdvisor","Microsoft\\Windows\\CurrentVersion\\Uninstall\\McAfee Security Scan"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cp":"https://www.mcafee.com/consumer/en-us/policy/global/legal.html","ctu":"https://home.mcafee.com/Root/AboutUs.aspx?id=eula","pv":"1.26","ov":63,"ud":true,"v":4}},{"ad":{"n":"","f":"ZB_TotalSecurity_V4","o":"TotalSecurity_AV"},"ps":{"i":"TotalSecurity_AV/images/1127/V4/EN.png","dn":"360 Total Security","u":"TotalSecurity_AV/files/1127/ts360Setup.zip","p":"/s","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2391715848.0000000003536000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:$
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363617302.0000000004EF6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-0L
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003565000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /icarus-info-path:C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\icarus-info.xml /install /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3 /track-guid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5e33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000085C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "ctu":"https://home.mcafee.com/Root/AboutUs.aspx?id=eula","pv":"1.26","ov":63,"ud":true,"v":4}},{"ad":{"n":"","f":"ZB_TotalSecurity_V4","o":"TotalSecurity_AV"},"ps":{"i":"TotalSecurity_AV/images/1127/V4/EN.png","dn":"360 Total Security","u":"TotalSecurity_AV/files/1127/ts360Setup.zip","p":"/s","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360
Source: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360totalsecurity.com/en/privacy/","ctu":"https://www.360totalsecurity.com/en/license/","pv":"1.26","cbfo":true,"v":1}},{"ad":{"n":"","f":"ZB_Opera_re_V3","o":"Opera_reengaged"},"ps":{"i":"Opera/images/DOTPS-483/EN.png","dn":"Opera","u":"Opera/files/AutoReplaced/OperaSetup.zip","p":"--silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_reengaged","c":"opera_reengaged","a":["OperaSetup","OperaSetup.exe","OperaGXSetup.exe","OperaGXSetup"],"ir":["Opera Software"],"rp":["Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\^Opera"],"cp":"https://www.opera.com/he/privacy","ctu":"https://www.opera.com/he/eula/computers","ov":100,"cbfo":true,"pv":"1.34","v":3,"x":3}},{"ad":{"n":"","f":"ZB_BuddiesUno_V2","o":"BuddiesUno"},"ps":{"dn":"Buddies Uno","i":"BuddiesUno/images/1514/V2/EN.png","u":"BuddiesUno/files/1561-aflt/UnoBuddies.zip","p":"/S /delaylaunch=3 /aflt={pubid}","rvn":["HKEY_CURRENT_USER\\SOFTWARE\\Uno Buddies\\Main\\UserID"],"cp":"https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.html","ctu":"https://buddies.uno/Software/Eula/eula.html","ov":100,"pv":"1.32","v":7}}],"c":""}
Source: avg_antivirus_free_online_setup.exe, 0000000C.00000003.2390869438.000000000351D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:%%

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe

API call chain: ExitProcess graph end node

graph_5-3736

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Program Files\BitComet\tools\BitCometService.exe	Code function: 7_2_00401440		7_2_00401440
Source: C:\Program Files\BitComet\tools\BitCometService.exe	Code function: 7_2_004013D0		7_2_004013D0

Checks if the current process is being debugged

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Process queried: DebugPort

Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Program Files\BitComet\tools\BitCometService.exe

Code function: 7_2_00401440 rdtsc

7_2_00401440

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe

Code function: 8_2_0040D1EB _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

8_2_0040D1EB

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00635204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,

10_2_00635204

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00624C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,

10_2_00624C8E

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Code function: 10_2_006C7BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C

10_2_006C7BC0

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe

8_2_0040A15D

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006AE8FE mov eax, dword ptr fs:[00000030h]	10_2_006AE8FE
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006B7C6A mov eax, dword ptr fs:[00000030h]	10_2_006B7C6A
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006B7CF2 mov eax, dword ptr fs:[00000030h]	10_2_006B7CF2
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006B7CAE mov eax, dword ptr fs:[00000030h]	10_2_006B7CAE
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006B7D23 mov eax, dword ptr fs:[00000030h]	10_2_006B7D23
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000B7C5A mov eax, dword ptr fs:[00000030h]	11_2_000B7C5A
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00DABE06 mov eax, dword ptr fs:[00000030h]	12_2_00DABE06
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00DA4A68 mov ecx, dword ptr fs:[00000030h]	12_2_00DA4A68
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00DABE4A mov eax, dword ptr fs:[00000030h]	12_2_00DABE4A

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe

Code function: 8_2_0040A2BF GetProcessHeap,HeapAlloc,RtlInterlockedPopEntrySList,VirtualAlloc,RtlInterlockedPopEntrySList,VirtualFree,RtlInterlockedPushEntrySList,

8_2_0040A2BF

Enables debug privileges

Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe

Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040D1EB _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_0040D1EB
Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: 8_2_0040AB6A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_0040AB6A
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00699018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00699018
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_006993F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_006993F2
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0069D453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0069D453
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00699586 SetUnhandledExceptionFilter,	10_2_00699586
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000B10FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_000B10FF
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000B1292 SetUnhandledExceptionFilter,	11_2_000B1292
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000B13AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_000B13AB
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 11_2_000B4476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_000B4476
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D6C8F1 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_00D6C8F1
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D929F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00D929F3
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: 12_2_00D6D3B0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00D6D3B0

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Process created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" /reg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5 /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\icarus-info.xml /install /silent /ws /psh:92pTu5fbOaMVqHXWzRazGwcsjZOgyQNZV0BXrS1y4TWZ27PXSitlzA5vE30PraTCAoRM4emN7pEfhI /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.481015ae89dc80a3 /track-guid:1840c678-d62a-4945-8e4f-36eaf3f0c4a5
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 9652 -udpport 9652 -q
Source: C:\Program Files\BitComet\BitComet.exe	Process created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -add -app BitComet -lanip 192.168.2.4 -tcpport 9652 -udpport 9652 -q
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6740 -ip 6740
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6740 -ip 6740
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 968
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfab78e88,0x7ffdfab78e98,0x7ffdfab78ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2484 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2924 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2920 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693313984 --mojo-platform-channel-handle=3272 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693485965 --mojo-platform-channel-handle=3588 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693635288 --mojo-platform-channel-handle=3776 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6693754114 --mojo-platform-channel-handle=4048 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6697808392 --mojo-platform-channel-handle=4692 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.08 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1721324864909880 --launch-time-ticks=6698303265 --mojo-platform-channel-handle=4760 --field-trial-handle=2496,i,9344401132103162842,1077608115730467345,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process created: unknown unknown
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Process created: unknown unknown

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe

Code function: 12_2_00CEFD70 AllocateAndInitializeSid,GetLengthSid,LocalAlloc,CopySid,LocalAlloc,InitializeAcl,AddAce,TreeResetNamedSecurityInfoW,SetLastError,

12_2_00CEFD70

Source: BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp

Binary or memory string: RunningTasksThumbnailTipHelper::ShowThumbnailAtCursorIfTaskbarCreatedTrayIconTrayClockWClassShell_TrayWndCtrlSettings: handle saved for remove invalid system tray icon aftrer crashsystray_hidesystray_animatmpTrayNotifyWnd

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files\BitComet\tools\BitCometService.exe

Code function: 7_2_00401000 cpuid

7_2_00401000

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	Code function: GetThreadLocale,GetLocaleInfoA,GetACP,	8_2_0040A06A
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	10_2_006B45DA
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_006BC952
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_006BC907
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_006BC9ED
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	10_2_006BCA80
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	10_2_006BCCE0
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	10_2_006BCE06
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	10_2_006BCF0C
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	10_2_006BCFDB
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoEx,	10_2_00697E28
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_006B3F6D
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	12_2_00DB499F
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetLocaleInfoW,	12_2_00DB4BA0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: EnumSystemLocalesW,	12_2_00DB4C92
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: EnumSystemLocalesW,	12_2_00DB4C47
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	12_2_00DB4DC0
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: EnumSystemLocalesW,	12_2_00DB4D2D
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetLocaleInfoW,	12_2_00DB5020
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	12_2_00DB5149
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetLocaleInfoW,	12_2_00DB524F
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	12_2_00DB531E
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: EnumSystemLocalesW,	12_2_00DAB5CD
Source: C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	Code function: GetLocaleInfoW,	12_2_00DABB33

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Program Files\BitComet\BitComet.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\BitComet\BitComet.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\logo.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\AVG_AV.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\finish.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\BitComet\BitComet.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\BitComet\BitComet.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\BitComet\BitComet.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe	Queries volume information: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation

Source: C:\Program Files\BitComet\tools\BitCometService.exe

Code function: 7_2_00488585 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

7_2_00488585

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe

5_2_004034A5

Source: C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: BitComet.exe, 0000000D.00000003.2414040675.0000023E813B7000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2413916853.0000023E813AC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: RavLite.exe

Adds / modifies Windows certificates

Source: C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Source: C:\Program Files\BitComet\BitComet.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Stealing of Sensitive Information

Yara detected PrivateLoader

Source: Yara match	File source: 7.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2a24690.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.2218766402.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2414944136.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2966448744.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2219985855.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files\BitComet\tools\BitCometService.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\BitComet\tools\VideoSnapshot.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsrA1A4.tmp, type: DROPPED

Yara detected QueryWinSAT ClassID

Source: Yara match	File source: 00000001.00000003.2291295416.0000000000884000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp PID: 6740, type: MEMORYSTR

Remote Access Functionality

Yara detected PrivateLoader

Source: Yara match	File source: 7.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2a24690.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.BitComet_2.08a_setup.exe.2795664.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.2218766402.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2414944136.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2966448744.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2219985855.0000000000401000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files\BitComet\tools\BitCometService.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\BitComet\tools\VideoSnapshot.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsrA1A4.tmp, type: DROPPED

Yara detected QueryWinSAT ClassID

Source: Yara match	File source: 00000001.00000003.2291295416.0000000000884000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp PID: 6740, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
1 Software	1 Scripting	1 Valid Accounts	11 Native API	1 Scripting	1 DLL Side-Loading	2 Disable or Modify Tools	1 Network Sniffing	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	14 Command and Scripting Interpreter	1 DLL Side-Loading	1 Valid Accounts	1 Deobfuscate/Decode Files or Information	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Clipboard Data	21 Encrypted Channel	Exfiltration Over Bluetooth	1 System Shutdown/Reboot
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Valid Accounts	11 Access Token Manipulation	3 Obfuscated Files or Information	Security Account Manager	1 Network Sniffing	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Windows Service	1 Windows Service	1 Software Packing	NTDS	67 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	1 Scheduled Task/Job	12 Process Injection	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	23 Masquerading	Cached Domain Credentials	281 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	1 Bootkit	1 Registry Run Keys / Startup Folder	1 Valid Accounts	DCSync	15 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	15 Virtualization/Sandbox Evasion	Proc Filesystem	3 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Modify Registry	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Access Token Manipulation	Network Sniffing	2 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	12 Process Injection	Input Capture	1 Remote System Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Bootkit	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	18%	ReversingLabs	Win32.PUA.OfferCore

Dropped Files

Source	Detection	Scanner
C:\Program Files\BitComet\BitComet.exe	4%	ReversingLabs
C:\Program Files\BitComet\CrashReport.exe	0%	ReversingLabs
C:\Program Files\BitComet\WebView2Loader.dll	0%	ReversingLabs
C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dll	0%	ReversingLabs
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll	0%	ReversingLabs
C:\Program Files\BitComet\tools\BitCometService.exe	0%	ReversingLabs
C:\Program Files\BitComet\tools\BitCometToastsNotifier.exe	0%	ReversingLabs
C:\Program Files\BitComet\tools\ChromeLauncher.exe	0%	ReversingLabs
C:\Program Files\BitComet\tools\UPNP.exe	0%	ReversingLabs
C:\Program Files\BitComet\tools\Updater.exe	9%	ReversingLabs
C:\Program Files\BitComet\tools\VideoSnapshot.exe	0%	ReversingLabs
C:\Program Files\BitComet\uninst.exe	0%	ReversingLabs
C:\Program Files\McAfee\Temp1561643107\installer.exe	0%	ReversingLabs
C:\Program Files\McAfee\Temp1561643107\resource.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0RAUV.tmp\SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe (copy)	17%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\is-3V26O.tmp	17%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\installer.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod0_extract\saBSI.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\prod1_extract\avg_antivirus_free_setup.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\zbShieldUtils.dll	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BcNsisHelper.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BcNsisHelperXP.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitCometService.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\BitComet_stats.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\System.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nscA1E4.tmp\http_Downloader.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\bug_report.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\dump_process.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_product.dll	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av-vps\icarus_rvrt.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\aswOfferTool.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\bug_report.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\dump_process.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_product.dll	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_rvrt.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\avg-av\icarus_ui.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\bug_report.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\dump_process.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus.exe	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus_mod.dll	0%	ReversingLabs
C:\Windows\Temp\asw-486ccf90-af98-43bc-87a3-331aebaa6706\common\icarus_ui.exe	0%	ReversingLabs
C:\Windows\Temp\asw.481015ae89dc80a3\avg_antivirus_free_online_setup.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.remobjects.com/ps	0%	URL Reputation	safe
https://www.innosetup.com/	0%	URL Reputation	safe
http://www.certum.pl/CPS0	0%	URL Reputation	safe
https://honzik.avcdn.net/universe/2445/f8a0/b75b/2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com:443/products/SA/v1/installer/4.1.1/914/64/installer.exe	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.ziI	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/t	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zip	0%	Avira URL Cloud	safe
https://webcompanion.com/terms	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/r	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngngzA5vE30PraTCAoRM4emN7pEfhIdll	0%	Avira URL Cloud	safe
http://download.bitcomet.com/bitcomet/bitcomet_setup.exe	0%	Avira URL Cloud	safe
https://honzik.avcdn.net:443/universe/9fcc/f245/57f7/9fccf24557f7691f06726fa651a35b48bdbac4556cb6318	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/	0%	Avira URL Cloud	safe
https://home.mcafee.com/Root/AboutUs.aspx?id=eula	0%	Avira URL Cloud	safe
https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.htm_ZHg	0%	Avira URL Cloud	safe
https://www.avg.com/ww-en/privacynet/r	0%	Avira URL Cloud	safe
https://analytics.apis.mcafee.comse	0%	Avira URL Cloud	safe
https://honzik.avcdn.net/defs/avg-av/release.xml.lzma	0%	Avira URL Cloud	safe
https://buddies.uno/Software/PrivacyPolicy/Privao	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/en-us/policy/legal.htmld	0%	Avira URL Cloud	safe
https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorder	0%	Avira URL Cloud	safe
https://www.premieropinion.com/common/termsofservice-v1	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/zbd	0%	Avira URL Cloud	safe
https://honzik.avcdn.net/universe/d936/7c5e/474b/d9367c5e474bca83cb06f583f2fb42ef2517d769cc82722201a	0%	Avira URL Cloud	safe
https://cdn.pawns.app/download/sdk/latest/windows/pawns-sdk.dll	0%	Avira URL Cloud	safe
https://firefoxextension.avast.com/aos/update.json	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/sa/bsi/win/binary/	0%	Avira URL Cloud	safe
https://www.avg.com/ww-en/privacynet/j	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/en-us/policy/legal.html5Z	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/U	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/en-us/policy/legal.htmlr	0%	Avira URL Cloud	safe
https://www.avg.com/ww-en/eula/en-us/	0%	Avira URL Cloud	safe
http://submit.fileshot.net/query/POST3api_versionvl_hashfile_size	0%	Avira URL Cloud	safe
https://buddies.uno/Software/PrivacyPolicy/Pri	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.zi6	0%	Avira URL Cloud	safe
https://analytics.avcdn.net:443/v4/receive/json/25t	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml	0%	Avira URL Cloud	safe
https://winqual.sb.avast.com	0%	Avira URL Cloud	safe
https://buddies.uno/Software/Eula/eula.htm	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/G	0%	Avira URL Cloud	safe
http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/v/wa-how.htmlD	0%	Avira URL Cloud	safe
ftp://http://%.20s%ddefault%d%.20scopying	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/en-us/policy/global/lega	0%	Avira URL Cloud	safe
http://ccsca2021.ocsp-certum.com05	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipi	0%	Avira URL Cloud	safe
https://my.avast.com	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/en-us/policy/legal.html$Z	0%	Avira URL Cloud	safe
https://inside.bitcomet.com/start/en_us/2.08/	0%	Avira URL Cloud	safe
https://analytics.avcdn.net/v4/receive/json/25Sent	0%	Avira URL Cloud	safe
https://apphit.com/?random=1&style=iframe	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipEC8	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/v/wa-how.html6	0%	Avira URL Cloud	safe
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64C:	0%	Avira URL Cloud	safe
https://www.avg.com/ww-en/privacynet/f/WebAdvisor/images/NEW/EN.pngipS	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml	0%	Avira URL Cloud	safe
https://www.winzip.com/win/en/privacy.html	0%	Avira URL Cloud	safe
http://mirror.com/pub/file.exe	0%	Avira URL Cloud	safe
https://www.avg.com/ww-en/privacy-us/K	0%	Avira URL Cloud	safe
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64=	0%	Avira URL Cloud	safe
https://image.apphit.com/image/app/veracrypt/veracrypt-logo.svg	0%	Avira URL Cloud	safe
https://id.avast.com/inAvastium	0%	Avira URL Cloud	safe
https://www.avast.com/eula#pc	0%	Avira URL Cloud	safe
https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy	0%	Avira URL Cloud	safe
https://shepherd.avcdn.net	0%	Avira URL Cloud	safe
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64;	0%	Avira URL Cloud	safe
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64:	0%	Avira URL Cloud	safe
https://honzik.avcdn.net/universe/4d26/a67d/9fb8/4d26a67d9fb882ba9ddb9a8f90cfc0a1f17c5f526abb83671f6	0%	Avira URL Cloud	safe
https://www.avg.com/ww-en/eulaL	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com:443/products/SA/BSI/bsi_DistributionRules.xmlRECONDITION	0%	Avira URL Cloud	safe
https://www.avg.com/ww-en/	0%	Avira URL Cloud	safe
https://www.opera.com/he/eula/computers	0%	Avira URL Cloud	safe
https://update.bitcomet.com/client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718	0%	Avira URL Cloud	safe
http://127.0.0.1	0%	Avira URL Cloud	safe
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64R	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/v/wa-how.htmlY	0%	Avira URL Cloud	safe
https://www.360totalsecurity.com/en/license/u=	0%	Avira URL Cloud	safe
https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordY_DIST_AFFID_LIST	0%	Avira URL Cloud	safe
https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe	0%	Avira URL Cloud	safe
https://pair.ff.avast.com	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xml	0%	Avira URL Cloud	safe
http://https://:allow_fallback/installer.exe	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlhe	0%	Avira URL Cloud	safe
http://submit.sb.avast.com/V1/PD/	0%	Avira URL Cloud	safe
https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r	0%	Avira URL Cloud	safe
https://www.bitcomet.com/doc/privacy-policy.php	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/	0%	Avira URL Cloud	safe
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64(	0%	Avira URL Cloud	safe
https://viruslab-samples.sb.avast.com	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/v1/bsi	0%	Avira URL Cloud	safe
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64.	0%	Avira URL Cloud	safe
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngI.zip	0%	Avira URL Cloud	safe
https://analytics.apis.mcafee.com/	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.x	0%	Avira URL Cloud	safe
https://www.winzip.com/win/en/eula.html	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/sa/bsi/win/binary	0%	Avira URL Cloud	safe
https://home.mcafee.com/Root/AboutUs.aspx?iu	0%	Avira URL Cloud	safe
http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dht.transmissionbt.com	87.98.162.88	true	false	unknown
mosaic-orio.apis.mcafee.com	52.25.171.187	true	false	unknown
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
apphit.com	95.111.225.211	true	false	unknown
shepherd-gcp.ff.avast.com	34.160.176.28	true	false	unknown
inside.bitcomet.com	161.97.135.85	true	false	unknown
update.bitcomet.com	161.97.135.85	true	false	unknown
prod.globalsign.map.fastly.net	151.101.2.133	true	false	unknown
analytics-prod-gcp.ff.avast.com	34.117.223.223	true	false	unknown
d11iilsblp9z11.cloudfront.net	13.249.12.125	true	false	unknown
bitcomet.com	161.97.135.85	true	false	unknown
analytics.apis.mcafee.com	unknown	unknown	false	unknown
sadownload.mcafee.com	unknown	unknown	false	unknown
router.silotis.us	unknown	unknown	false	unknown
dht.libtorrent.org	unknown	unknown	false	unknown
v7event.stats.avast.com	unknown	unknown	false	unknown
router.bittorrent.com	unknown	unknown	false	unknown
www.bitcomet.com	unknown	unknown	false	unknown
shepherd.avcdn.net	unknown	unknown	false	unknown
appassets.bitcomet.com	unknown	unknown	false	unknown
router.utorrent.com	unknown	unknown	false	unknown
analytics.avcdn.net	unknown	unknown	false	unknown
honzik.avcdn.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zip	false	Avira URL Cloud: safe	unknown
https://d11iilsblp9z11.cloudfront.net/zbd	false	Avira URL Cloud: safe	unknown
https://inside.bitcomet.com/start/en_us/2.08/	false	Avira URL Cloud: safe	unknown
https://apphit.com/?random=1&style=iframe	false	Avira URL Cloud: safe	unknown
https://image.apphit.com/image/app/veracrypt/veracrypt-logo.svg	false	Avira URL Cloud: safe	unknown
https://update.bitcomet.com/client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngngzA5vE30PraTCAoRM4emN7pEfhIdll	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com:443/products/SA/v1/installer/4.1.1/914/64/installer.exe	saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://webcompanion.com/terms	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/t	saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/r	saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://honzik.avcdn.net:443/universe/9fcc/f245/57f7/9fccf24557f7691f06726fa651a35b48bdbac4556cb6318	avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.ziI	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2635025040.0000000004EE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2411164366.0000000004EE4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://honzik.avcdn.net/universe/2445/f8a0/b75b/2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2454099658.0000000003571000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.bitcomet.com/bitcomet/bitcomet_setup.exe	BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://home.mcafee.com/Root/AboutUs.aspx?id=eula	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000842000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000085C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/	saBSI.exe, 0000000A.00000003.2401095516.0000000005404000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy.htm_ZHg	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.apis.mcafee.comse	saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://honzik.avcdn.net/defs/avg-av/release.xml.lzma	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2403613513.0000000003571000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2405758044.0000000003571000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.premieropinion.com/common/termsofservice-v1	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000824000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://buddies.uno/Software/PrivacyPolicy/Privao	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avg.com/ww-en/privacynet/r	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/en-us/policy/legal.htmld	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110764000.0000000000809000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorder	saBSI.exe, 0000000A.00000003.2884586261.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2900191307.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.pawns.app/download/sdk/latest/windows/pawns-sdk.dll	BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://honzik.avcdn.net/universe/d936/7c5e/474b/d9367c5e474bca83cb06f583f2fb42ef2517d769cc82722201a	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2574209553.0000000003571000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://firefoxextension.avast.com/aos/update.json	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/sa/bsi/win/binary/	saBSI.exe, 0000000A.00000003.2883408378.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884257310.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720457018.0000000005421000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avg.com/ww-en/privacynet/j	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2637685057.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F5E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409753961.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/U	saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avg.com/ww-en/eula/en-us/	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2360300158.0000000004F5D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2361467884.0000000004F54000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363199165.0000000004F68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/en-us/policy/legal.html5Z	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000824000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/en-us/policy/legal.htmlr	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000809000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.remobjects.com/ps	SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1700603344.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1698345675.00000000026B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000000.1702051510.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false	URL Reputation: safe	unknown
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.zi6	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2363617302.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://submit.fileshot.net/query/POST3api_versionvl_hashfile_size	BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml	saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://buddies.uno/Software/PrivacyPolicy/Pri	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.innosetup.com/	SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1700603344.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe, 00000000.00000003.1698345675.00000000026B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000000.1702051510.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false	URL Reputation: safe	unknown
https://winqual.sb.avast.com	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.avcdn.net:443/v4/receive/json/25t	avg_antivirus_free_online_setup.exe, 0000000C.00000002.2976217934.0000000003517000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/G	saBSI.exe, 0000000A.00000003.2444175220.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://buddies.uno/Software/Eula/eula.htm	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/v/wa-how.htmlD	saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2504355859.0000000006006000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ccsca2021.ocsp-certum.com05	BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/en-us/policy/global/lega	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.000000000085C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
ftp://http://%.20s%ddefault%d%.20scopying	BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.000000000276B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/files/1319/avg.zipi	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.000000000756D000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://my.avast.com	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/en-us/policy/legal.html$Z	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000824000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000824000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.certum.pl/CPS0	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110344218.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000002.2249442158.0000000002794000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.08a_setup.exe, 00000005.00000003.2216838446.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 0000000D.00000003.2405439939.0000023E833A5000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 0000000E.00000003.2413441796.0000021F09335000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://analytics.avcdn.net/v4/receive/json/25Sent	avg_antivirus_free_online_setup.exe, 0000000C.00000002.2995522970.0000000005490000.00000002.00000001.00040000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000000.2390280020.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000002.2964747983.0000000000DC7000.00000002.00000001.01000000.00000018.sdmp	false	Avira URL Cloud: safe	unknown
https://d11iilsblp9z11.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipEC8	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2362643784.0000000004F42000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2361027589.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2636705232.0000000004F47000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/v/wa-how.html6	saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avg.com/ww-en/privacynet/f/WebAdvisor/images/NEW/EN.pngipS	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64C:	BitComet_2.08a_setup.exe, 00000005.00000002.2245578736.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, BitComet_stats.exe, 00000008.00000002.2229356875.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2229464470.0000000000670000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml	saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.winzip.com/win/en/privacy.html	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avg.com/ww-en/privacy-us/K	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2637685057.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409204675.0000000004F5E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2409753961.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mirror.com/pub/file.exe	BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://id.avast.com/inAvastium	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64=	BitComet_stats.exe, 00000008.00000003.2228323587.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230194299.00000000006C5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://shepherd.avcdn.net	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2604061607.0000000005C6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://buddies.uno/Software/PrivacyPolicy/PrivayPolicy	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avast.com/eula#pc	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2627572791.0000000003622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000083F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000828000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000854000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64:	BitComet_stats.exe, 00000008.00000003.2228323587.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228442765.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230297660.00000000006CF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://honzik.avcdn.net/universe/4d26/a67d/9fb8/4d26a67d9fb882ba9ddb9a8f90cfc0a1f17c5f526abb83671f6	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2536687235.0000000003571000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64;	BitComet_stats.exe, 00000008.00000003.2228323587.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230194299.00000000006C5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com:443/products/SA/BSI/bsi_DistributionRules.xmlRECONDITION	saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avg.com/ww-en/	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.0000000007566000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avg.com/ww-en/eulaL	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.opera.com/he/eula/computers	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64R	BitComet_stats.exe, 00000008.00000002.2228633981.0000000000190000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://127.0.0.1	BitComet.exe, 0000000D.00000002.2420857876.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp, BitComet.exe, 0000000D.00000000.2403166450.00007FF664E1C000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/914/	saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mcafee.com/consumer/v/wa-how.htmlY	saBSI.exe, 0000000A.00000002.2897708570.0000000002E64000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896422358.0000000002E63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.360totalsecurity.com/en/license/u=	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe	avg_antivirus_free_setup.exe, 0000000B.00000002.2971743307.0000000004DFA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pair.ff.avast.com	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xml	saBSI.exe, 0000000A.00000003.2401223602.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordY_DIST_AFFID_LIST	saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlhe	saBSI.exe, 0000000A.00000002.2897708570.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EBA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://https://:allow_fallback/installer.exe	avg_antivirus_free_setup.exe, 0000000B.00000000.2364390202.00000000000C3000.00000002.00000001.01000000.00000017.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2963084059.00000000000C3000.00000002.00000001.01000000.00000017.sdmp	false	Avira URL Cloud: safe	unknown
http://submit.sb.avast.com/V1/PD/	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2628849428.0000000005C36000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r	saBSI.exe, 0000000A.00000000.2344892193.00000000006DE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000A.00000002.2896762694.00000000006DE000.00000002.00000001.01000000.00000016.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/	saBSI.exe, 0000000A.00000003.2730262487.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2401223602.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720973329.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884883686.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2720589934.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2730852804.0000000002F20000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2721125963.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002F1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://viruslab-samples.sb.avast.com	avg_antivirus_free_online_setup.exe, 0000000C.00000003.2577221124.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/doc/privacy-policy.php	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2642171583.00000000074E9000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2622264821.0000000002390000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1703819395.0000000003490000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.apis.mcafee.com/	saBSI.exe, 0000000A.00000003.2895072615.0000000002EB9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2373312406.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/v1/bsi	saBSI.exe, 0000000A.00000003.2884586261.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2894779605.0000000005408000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64.	BitComet_stats.exe, 00000008.00000003.2228323587.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228442765.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000002.2230297660.00000000006CF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.08a_setup.exe&p=x64(	BitComet_stats.exe, 00000008.00000002.2230476280.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2228162848.000000000070C000.00000004.00000020.00020000.00000000.sdmp, BitComet_stats.exe, 00000008.00000003.2227044278.000000000070C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.x	saBSI.exe, 0000000A.00000003.2401223602.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2897708570.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2896027780.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2728067926.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2719167639.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://d11iilsblp9z11.cloudfront.net/f/AVG_AV/images/1509/EN.pngI.zip	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.000000000085C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/sa/bsi/win/binary	saBSI.exe, 0000000A.00000003.2884586261.0000000005405000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2894779605.0000000005408000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2731341920.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2729383650.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2486584163.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2884328927.0000000005404000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2718431117.0000000005404000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.winzip.com/win/en/eula.html	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2110428676.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.2410033411.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760569997.0000000000815000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000002.2618744694.000000000081A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi	avg_antivirus_free_setup.exe, 0000000B.00000003.2391365686.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000B.00000002.2976222461.0000000004E30000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://home.mcafee.com/Root/AboutUs.aspx?iu	SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1760509842.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp, 00000001.00000003.1778301135.0000000000861000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
161.97.135.85	inside.bitcomet.com	United States	51167	CONTABODE	false
52.25.171.187	mosaic-orio.apis.mcafee.com	United States	16509	AMAZON-02US	false
13.249.12.125	d11iilsblp9z11.cloudfront.net	United States	16509	AMAZON-02US	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
146.12.137.105	unknown	United States	197938	TRAVIANGAMESDE	false
87.98.162.88	dht.transmissionbt.com	France	16276	OVHFR	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
143.204.205.88	unknown	United States	16509	AMAZON-02US	false
34.160.176.28	shepherd-gcp.ff.avast.com	United States	2686	ATGS-MMD-ASUS	false
34.117.223.223	analytics-prod-gcp.ff.avast.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
172.183.192.109	unknown	United States	7018	ATT-INTERNET4US	false
161.97.134.106	unknown	United States	51167	CONTABODE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
95.111.225.211	apphit.com	Ukraine	51167	CONTABODE	false
142.250.65.200	unknown	United States	15169	GOOGLEUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1476246
Start date and time:	2024-07-18 21:37:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	45
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe
Detection:	MAL
Classification:	mal46.rans.troj.evad.winEXE@65/491@81/16
EGA Information:	Successful, ratio: 71.4%
HCA Information:	Successful, ratio: 91% Number of executed functions: 189 Number of non-executed functions: 177
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe
Excluded IPs from analysis (whitelisted): 23.212.89.10, 216.239.36.178, 216.239.38.178, 216.239.34.178, 216.239.32.178, 2.19.126.150, 2.19.126.156, 13.107.42.16, 184.28.90.27, 20.82.9.214, 216.58.206.40, 20.42.73.29, 151.101.2.133, 142.251.35.163, 142.251.40.131
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, secure.globalsign.com, tm-prod-wd-csp-edge.trafficmanager.net, home.mcafee.com, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.googletagmanager.com, e16604.g.akamaiedge.net, prod-agic-we-1.westeurope.cloudapp.azure.com, onedsblobprdeus15.eastus.cloudapp.azure.com, www.gstatic.com, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, www.google-analytics.com, fs.microsoft.com, e9229.dscd.akamaiedge.net, s-honzik.avcdn.net.edgekey.net, a866.dscd.akamai.net, www-alv.google-analytics.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, global.prd.cdn.globalsign.com, l-0007.config.skype.com, sadownload.mcafee.com.edgesuite.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microso
Execution Graph export aborted for target BitCometService.exe, PID 5824 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Simulations

Behavior and APIs

Time	Type	Description
15:38:06	API Interceptor	7x Sleep call for process: SecuriteInfo.com.Riskware.OfferCore.5002.4698.tmp modified
15:38:53	API Interceptor	1x Sleep call for process: BitComet_stats.exe modified
15:39:09	API Interceptor	2x Sleep call for process: avg_antivirus_free_setup.exe modified
15:39:12	API Interceptor	8x Sleep call for process: avg_antivirus_free_online_setup.exe modified
15:39:16	API Interceptor	2x Sleep call for process: svchost.exe modified
15:39:17	API Interceptor	2x Sleep call for process: BitComet.exe modified
15:39:27	API Interceptor	2x Sleep call for process: WerFault.exe modified
15:40:00	API Interceptor	1x Sleep call for process: saBSI.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
161.97.135.85	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
161.97.135.85	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
162.159.61.3	EMPLOYEE APPRAISAL REVIEW FOR breen.loney Q2 2024.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://app.pandadoc.com/document/01fc0506672a338844b1e0a33f8f8c691e8b5536	Get hash	malicious	Unknown	Browse
	Scanner_SKME092878673568739809289728639802765768729809208.pdf	Get hash	malicious	Unknown	Browse
	MicrosoftInst.exe	Get hash	malicious	GhostRat	Browse
	PEDIDO DE COMPRA URGENTEs#U034fx#U034fl#U034fx#U034f..exe	Get hash	malicious	FormBook	Browse
	PO.pdf	Get hash	malicious	Unknown	Browse
	CC-CREDIT CARD-itineraries.exe	Get hash	malicious	FormBook	Browse
	s6ue6dcFAI.exe	Get hash	malicious	Babadeda	Browse
	JblYqEneyY.exe	Get hash	malicious	Babadeda	Browse
	s6ue6dcFAI.exe	Get hash	malicious	Babadeda	Browse
172.64.41.3	https://app.pandadoc.com/document/01fc0506672a338844b1e0a33f8f8c691e8b5536	Get hash	malicious	Unknown	Browse
	download	Get hash	malicious	Unknown	Browse
	Scanner_SKME092878673568739809289728639802765768729809208.pdf	Get hash	malicious	Unknown	Browse
	Please_Docusign_this_document_July 2024_2471.pdf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.decompression.bomb.9781.1949.exe	Get hash	malicious	Unknown	Browse
	p_view_20241106.pdf	Get hash	malicious	Unknown	Browse
	cc00980_.exe	Get hash	malicious	Unknown	Browse
	ziprar.exe	Get hash	malicious	Unknown	Browse
	https://spacesolutions1-my.sharepoint.com/:f:/g/personal/sophie_mcnally_spacesolutions_co_uk/EkJ_RlaL8JdMhn3SJdI6Xr8BfXrsiWDMQbMc_A0Yc908bw?e=YFS2VS	Get hash	malicious	Unknown	Browse
	PEDIDO DE COMPRA URGENTEs#U034fx#U034fl#U034fx#U034f..exe	Get hash	malicious	FormBook	Browse
34.160.176.28	winrar-64-6.21-installer_AmGAP-1.exe	Get hash	malicious	PureLog Stealer	Browse
	ccsetup624.exe	Get hash	malicious	Unknown	Browse
	806aab44-6c03-4577-a3c4-83aa13dc7875.tmp	Get hash	malicious	Unknown	Browse
	Microstub.exe	Get hash	malicious	Unknown	Browse
	Microstub.exe	Get hash	malicious	Unknown	Browse
	ccsetup621.zip	Get hash	malicious	Unknown	Browse
	https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient	Get hash	malicious	Unknown	Browse
	http://www.poweriso-mirror.com/PowerISO8.exe	Get hash	malicious	Unknown	Browse
	_.exe	Get hash	malicious	Unknown	Browse
	_.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
shepherd-gcp.ff.avast.com	ccsetup624.exe	Get hash	malicious	Unknown	Browse	34.160.176.28
	806aab44-6c03-4577-a3c4-83aa13dc7875.tmp	Get hash	malicious	Unknown	Browse	34.160.176.28
	Microstub.exe	Get hash	malicious	Unknown	Browse	34.160.176.28
	Microstub.exe	Get hash	malicious	Unknown	Browse	34.160.176.28
	ccsetup621.zip	Get hash	malicious	Unknown	Browse	34.160.176.28
	https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient	Get hash	malicious	Unknown	Browse	34.160.176.28
	http://www.poweriso-mirror.com/PowerISO8.exe	Get hash	malicious	Unknown	Browse	34.160.176.28
	_.exe	Get hash	malicious	Unknown	Browse	34.160.176.28
	_.exe	Get hash	malicious	Unknown	Browse	34.160.176.28
	CCleaner.exe	Get hash	malicious	RMSRemoteAdmin, Remote Utilities	Browse	34.160.176.28
mosaic-orio.apis.mcafee.com	https://www.poweriso.net/PowerISO8-x64.exe	Get hash	malicious	Unknown	Browse	52.26.85.137
dht.transmissionbt.com	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	240506-b7lv1sfmcw_pw_infected.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	240506-b7lv1sfmcw_pw_infected.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca.zip	Get hash	malicious	Xmrig	Browse	87.98.162.88
	na.elf	Get hash	malicious	Mirai	Browse	87.98.162.88
	Photo.scr.exe	Get hash	malicious	Xmrig	Browse	87.98.162.88
	bin.sh	Get hash	malicious	Mirai	Browse	212.129.33.59
	bin.sh	Get hash	malicious	Mirai	Browse	212.129.33.59
	AV.scr	Get hash	malicious	Xmrig	Browse	212.129.33.59
	Photo.scr	Get hash	malicious	Xmrig	Browse	87.98.162.88
chrome.cloudflare-dns.com	https://app.pandadoc.com/document/01fc0506672a338844b1e0a33f8f8c691e8b5536	Get hash	malicious	Unknown	Browse	172.64.41.3
	SecuriteInfo.com.decompression.bomb.9781.1949.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	MicrosoftInst.exe	Get hash	malicious	GhostRat	Browse	162.159.61.3
	cc00980_.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	ziprar.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	PEDIDO DE COMPRA URGENTEs#U034fx#U034fl#U034fx#U034f..exe	Get hash	malicious	FormBook	Browse	172.64.41.3
	https://ury.io/aVPeBa	Get hash	malicious	Unknown	Browse	172.64.41.3
	CC-CREDIT CARD-itineraries.exe	Get hash	malicious	FormBook	Browse	162.159.61.3
	bt2eTjYGOb.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	s6ue6dcFAI.exe	Get hash	malicious	Babadeda	Browse	162.159.61.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CONTABODE	http://zerosevenone.buzz/	Get hash	malicious	Unknown	Browse	161.97.83.26
	DOC -For-Rockwool.pdf	Get hash	malicious	Unknown	Browse	173.249.54.85
	mlk3kK6uLZ.exe	Get hash	malicious	Amadey, Mars Stealer, PureLog Stealer, Quasar, RedLine, Stealc, Vidar	Browse	213.136.93.115
	https://sites.google.com/view/mposecsrfbjgplrkjzznxxrhdjmqmp/accueil	Get hash	malicious	Unknown	Browse	178.238.224.248
	1720591325f5478047ee3721bf0b0649bb42cc34e9e6a69a5014cf6e24bdb38eff5f9aa4a6227.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	161.97.124.96
	Request for Quotation.vbs	Get hash	malicious	AgentTesla	Browse	161.97.124.96
	XX(1).exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	164.68.127.9
	McrflHf6vg.exe	Get hash	malicious	WhiteSnake Stealer	Browse	167.86.115.218
	rnoahcrypter.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	164.68.127.9
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3VfkDRZqOjfShPTiZjGkXYeHH0qcNkYwSSCzibjlmAzeTFQugAGktmmDcLaGVd7xmrhViuDlzvk7LSYra0CxW0GfjPradQJiCp1Lv1-2BJr8tU4uPUlMdZtOopAucgMUwgTsNkjDwJaQiHNbOIjuz9-2F3lablcjJiJu79900Z-2B-2BB-2F6jXyiW_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8pPuOyTauAJYwyhhj24yBhp7RMjj-2F0GEsPKyiUipvQjkQHl7wMea8EX-2BEwxs5CkLSgKbIS5ztD-2FRjTIduXCBnVT1QnOLd-2FvmyGT6B7reFiJd8Uxm5bV4XvIh0yb5H69DRSKW3EikbmS1X801NApBjBxNojnvbDZeuwCzdsxI3Q5aBPTHO4KAIPr3eArcRNMGEhsEzfjMMKf-2F6jodzrXKEkXK5P-2Fd4Xgx-2FJIzg1wpgwJNw-3D-3D#?email=c3BlbmNlci53dW5kZXJsZUBoc2Nwb2x5LmNvbQ==	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	173.249.54.85
CLOUDFLARENETUS	SecuriteInfo.com.Win32.Malware-gen.18751.23755.exe	Get hash	malicious	Unknown	Browse	172.67.201.212
	https://t.infomail.microsoft.com/r/?id=h707ecfa5,69ca6c1c,69ccacb0&e=b2NpZD1jbW1hbmlleDN4Mg&s=TT2m-Y1733ga9dYQbmzwO7CS0-MhXWa3NfkkfpZX75E	Get hash	malicious	Unknown	Browse	104.18.36.155
	Company Profile.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.67.152
	https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZ	Get hash	malicious	Tycoon2FA	Browse	188.114.96.3
	https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZ	Get hash	malicious	Tycoon2FA	Browse	188.114.96.3
	SecuriteInfo.com.Trojan.MSIL.Crypt.8674.14789.exe	Get hash	malicious	Unknown	Browse	104.21.22.15
	SecuriteInfo.com.Trojan.MSIL.Crypt.8674.14789.exe	Get hash	malicious	Unknown	Browse	104.21.22.15
	FAX-0071824-946501.pdf	Get hash	malicious	HTMLPhisher	Browse	104.21.38.221
	https://docs.google.com/presentation/d/e/2PACX-1vSkULgYz3oNIJkLmxFha2VXFuj7oFBDX_AZimtiACquT4m3bu8bMhm0Wd4nxGWbpyIsGaRcHqolMDfU/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://confirmcloudshare.top/k0I4DhdCrw#Ryano*@Vib.com	Get hash	malicious	HTMLPhisher	Browse	104.21.31.239
AMAZON-02US	jklarm	Get hash	malicious	Unknown	Browse	44.231.219.156
	https://t.infomail.microsoft.com/r/?id=h707ecfa5,69ca6c1c,69ccacb0&e=b2NpZD1jbW1hbmlleDN4Mg&s=TT2m-Y1733ga9dYQbmzwO7CS0-MhXWa3NfkkfpZX75E	Get hash	malicious	Unknown	Browse	18.200.174.228
	https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZ	Get hash	malicious	Tycoon2FA	Browse	52.219.95.2
	https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZ	Get hash	malicious	Tycoon2FA	Browse	18.239.36.25
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.115
	https://docs.google.com/presentation/d/e/2PACX-1vSkULgYz3oNIJkLmxFha2VXFuj7oFBDX_AZimtiACquT4m3bu8bMhm0Wd4nxGWbpyIsGaRcHqolMDfU/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	52.219.111.40
	https://confirmcloudshare.top/k0I4DhdCrw#Ryano*@Vib.com	Get hash	malicious	HTMLPhisher	Browse	18.239.36.120
	https://yourorganization-fgctr.formstack.com/forms/hr_department	Get hash	malicious	HTMLPhisher	Browse	18.239.50.103
	file.exe	Get hash	malicious	Unknown	Browse	13.32.110.25
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.122
AMAZON-02US	jklarm	Get hash	malicious	Unknown	Browse	44.231.219.156
	https://t.infomail.microsoft.com/r/?id=h707ecfa5,69ca6c1c,69ccacb0&e=b2NpZD1jbW1hbmlleDN4Mg&s=TT2m-Y1733ga9dYQbmzwO7CS0-MhXWa3NfkkfpZX75E	Get hash	malicious	Unknown	Browse	18.200.174.228
	https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZ	Get hash	malicious	Tycoon2FA	Browse	52.219.95.2
	https://a.kerika.com/acc_39TXETMEnauTtVtsNzbfFJ/c/brd_4nvvo2ooyq8HxjaMzCxzZb/cnvs_BfJOZ	Get hash	malicious	Tycoon2FA	Browse	18.239.36.25
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.115
	https://docs.google.com/presentation/d/e/2PACX-1vSkULgYz3oNIJkLmxFha2VXFuj7oFBDX_AZimtiACquT4m3bu8bMhm0Wd4nxGWbpyIsGaRcHqolMDfU/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	52.219.111.40
	https://confirmcloudshare.top/k0I4DhdCrw#Ryano*@Vib.com	Get hash	malicious	HTMLPhisher	Browse	18.239.36.120
	https://yourorganization-fgctr.formstack.com/forms/hr_department	Get hash	malicious	HTMLPhisher	Browse	18.239.50.103
	file.exe	Get hash	malicious	Unknown	Browse	13.32.110.25
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.122

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
74954a0c86284d0d6e1c4efefe92b521	SecuriteInfo.com.W32.Kryptik.CI.tr.21358.1519.exe	Get hash	malicious	Unknown	Browse	34.117.223.223 34.160.176.28
	golang-modules.exe	Get hash	malicious	Unknown	Browse	34.117.223.223 34.160.176.28
	SecuriteInfo.com.Trojan.Win64.Agent.14415.19839.exe	Get hash	malicious	Unknown	Browse	34.117.223.223 34.160.176.28
	Letter-04.doc	Get hash	malicious	Unknown	Browse	34.117.223.223 34.160.176.28
	chromeUpdate.exe	Get hash	malicious	Unknown	Browse	34.117.223.223 34.160.176.28
	PRE-PCM DMD VSAT 2024-25 OF BAF Sta SNR.doc	Get hash	malicious	Unknown	Browse	34.117.223.223 34.160.176.28
	TS-240617-UF1.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse	34.117.223.223 34.160.176.28
	TS-240609-CStealer1.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse	34.117.223.223 34.160.176.28
	build.hta	Get hash	malicious	Quasar	Browse	34.117.223.223 34.160.176.28
	ZK9XFb424l.exe	Get hash	malicious	Python Stealer, Creal Stealer, XWorm	Browse	34.117.223.223 34.160.176.28
a0e9f5d64349fb13191bc781f81f42e1	Enquiry.exe	Get hash	malicious	Remcos, DBatLoader	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	3YFh1o2TfZ.xlsx	Get hash	malicious	Unknown	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	JtEm7XoJt4.exe	Get hash	malicious	LummaC, Vidar	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	zheidzzyHi.exe	Get hash	malicious	LummaC	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	SapphireX.exe	Get hash	malicious	LummaC Stealer	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	SapphireX.exe	Get hash	malicious	LummaC Stealer	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	Trialog_Drives_Mapping.xlsx	Get hash	malicious	Unknown	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	#U7535#U8111#U98de#U673a&7.exe	Get hash	malicious	Unknown	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	#U7535#U8111#U98de#U673a&7.exe	Get hash	malicious	Unknown	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125
	Tesst_1.exe	Get hash	malicious	Unknown	Browse	143.204.205.88 34.117.223.223 52.25.171.187 13.249.12.125

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files\BitComet\WebView2Loader.dll	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.15026.2213.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.15026.2213.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	jTCGq3zaZi.crx	Get hash	malicious	Unknown	Browse
C:\Program Files\BitComet\CrashReport.exe	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.15026.2213.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.15026.2213.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse

Process:	C:\Users\user\AppData\Local\Temp\is-FPJNG.tmp\BitComet_2.08a_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	27838352
Entropy (8bit):	6.591624431541829
Encrypted:	false
SSDEEP:	393216:RmdPJ4LX3qBudzY+ttl0vgylC/iSSL6QbonoR9YrWJM6WZdCw:RmdPuLqsVTECKSeUnu9b6p7
MD5:	BFDFE1495ADA381F3D57C6E6DF04E189
SHA1:	BD1080D262FC7B6C5C86C4516CEBCAE7B84AC9C5
SHA-256:	CEAA1ECB0C6D7DDE6226C18291FACD39E3FE0A0D7B020CD5BFE9D2935A9FA468
SHA-512:	68D48656B8A0EAB603FB2916C6FA9CD817F2994820D340C97B6C494DE110D47A75773AA29C70136861EE648EA0670B2359D2A474960D173C4C5576B2EE9CB6CC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZ......................@...................................x...........!..L.!This program cannot be run in DOS mode....$.........V~.i8-.i8-.i8-..=,.i8-.i8-.i8-(.<,.k8-9..-.i8-9..-^i8-9..-.i8-..<,.i8-(.;,.i8-..=,.i8-...-.i8-..;,.i8-(.=,.i8-%.<,.i8-%.=,*h8-..=,.i8-..<,.i8-...-.i8-...-.i8-...-.i8-...-.i8-.i9-.j8-&.1,Yk8-&..-.i8-.i.-.i8-&.:,.i8-Rich.i8-........................PE..d.....f..........".................<&.........@.....................................g....`.................................................@Um......`...K#.....dX.......'......TY..P,;.T....................-;.(....,;..............................................text...X........................... ..`.rdata....u.......u.................@..@.data.........m.......m.............@....pdata...X.......Z...zu.............@..@.detourc."... ...$..................@..@.detourd.....P......................@....rsrc....K#..`...L#.................@..@.reloc..TY.......Z...F..............@..B........................................

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3073825863041773
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrH:KooCEYhgYEL0In
MD5:	5DCF086F25E9B96960DA1FD8D7A2126D
SHA1:	7C537BD2590EF9D99B18F0ECDEE751BFEA87E26A
SHA-256:	7DA90886BDA1A91EB4A0744DABD98BB5A2871431BEFA348680A6E2B22268BAD3
SHA-512:	CCFEDD49019BBF8F2004B1A152083F7BA7B4D967A8B7BD9895CF05F4BFA8B1EAF0C44402C051E46B5D227C88A0523305E8F9BEFE84642B7549F87365A43E5B36
Malicious:	false
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.401908081696736
Encrypted:	false
SSDEEP:	192:OybRfWr07I3g6jcfecrXRao/dzuiFPZ24IO8t:tbRfW47Cg6jeXRLFzuiFPY4IO8t
MD5:	1616075E291F3F15C929A971326B7DE4
SHA1:	742041D0B4502B7A6CD276A0B907493C7C3D046B
SHA-256:	7169A783960EBAE0A1CBF6561FD2860ADC0639408CA5DAF82AE36A7F7D75FAEC
SHA-512:	C41B8F296DEC99C0DFA740283CD7677A91DE4315AC31B99D559AB0C0FB58FB15E9D41B95C68D9FB7B34E1D1DD5BF353156B01AF04241AE4E1AB34B0D93E38BDB
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.5.8.0.5.1.6.9.1.8.8.8.3.9.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.5.8.0.5.1.7.0.1.2.5.4.6.7.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.e.5.6.e.7.d.9.-.7.c.9.0.-.4.4.3.9.-.b.9.7.9.-.a.4.a.d.4.5.e.d.4.a.f.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.b.d.3.a.5.7.b.-.7.a.f.a.-.4.4.d.8.-.8.6.b.c.-.0.7.a.1.0.3.2.d.9.a.7.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...R.i.s.k.w.a.r.e...O.f.f.e.r.C.o.r.e...5.0.0.2...4.6.9.8...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.5.4.-.0.0.0.1.-.0.0.1.4.-.d.7.1.3.-.d.1.f.f.4.9.d.9.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.3.9.7.1.9.9.

Process:	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	16452
Entropy (8bit):	6.06828747556593
Encrypted:	false
SSDEEP:	384:dtM7XKnG7EtlXrFJOg5+VCKP4gW5CiUMzcBhqNBSMpfur4OJic:XM7X2zt1jOXtXi3zah8furJ5
MD5:	41FD4CCFD5C968CE6518F2C8F3389B58
SHA1:	7D9A7071F8AF39E80B2275ACFE16A32232455133
SHA-256:	632CE1C08C974E298F5B17115F72E50127FF1F9255C382428C4C9CCFB66E6AF4
SHA-512:	FB5FE0FF9764B2A898FF100190E59BF7124D77F2225D276CAC8E1B4406C3D9E5F00F16968253276F372ADD0EE2F011D8A218BEE6E81DF474FE9DEE76FC61AA65
Malicious:	false
Preview:	{"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5WgIYys3bJeQH8gzYPwfpC896xXwllv1ws/Dov+UhC031uDZGRdc04LmqFm3Cjhfq008PV7a+5hhe79VoH4u4yk308t/Dk18EzpeL4EmYE9h5+MT4qBuMWAoynzi9yFf/z8N4+c7BnX5qaxMXjWWNuUeEuxFZB94cta8JqLbiF2zYWsrF0K38o0/KVgtVMF5aEI/vhxca+VLKhhZax1NWoKBRWhiA+wFYAyF6Jr5QUMoLgD5ho4CKIP73/CB+mNcHhjZo8gT1PSiPG+B5lF3C+VtqJ7pjlXJZ335PUBNA

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3111424
Entropy (8bit):	6.3985080559233944
Encrypted:	false
SSDEEP:	49152:lLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvfGU:rwSi0b67zeCzt0+yO3kSxn
MD5:	DD40149397C65DB7E46877143552AAC5
SHA1:	A520AA94A3EC3279C26410A58A40C5C37B037A8E
SHA-256:	F4E460EDDF3D8408AE887AC53FE96906A3B534D99A5FD9C3FE7777948293D1F7
SHA-512:	F1B651C2F26C49D7D9D7B04E5DC5AD0D8344C3C002C5119FEE8E038E8CC7AC06F0AD3729E20C98DA0BDAC1993FEA85F8F77B71D02E87E9E3859DE42F24D6C7F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,..R......P6,......@,...@..........................`0...........@......@....................-......`-.49....-.(u....................................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...(u....-..v....-.............@..@......................-.............@..@........................................................

Entrypoint:	0x4b5eec
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	5a594319a0d69dbc452e748bcf05892e

Signature Valid:	true
Signature Issuer:	CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	24/11/2023 17:20:30 23/11/2026 17:20:29
Subject Chain	E=wxhere@hotmail.com, CN=Xing Wang, O=Xing Wang, L=Shanghai, C=CN
Version:	3
Thumbprint MD5:	7A742F7A11DA60D6B28ED77287CB1B98
Thumbprint SHA-1:	D1CDF37E4A61C7F13F8DF0BFA4A4A26BAB7AE33B
Thumbprint SHA-256:	FD3D28462CA469508569FB0D4DE9C956D168989F192D0558BF9A5FB288DAA54C
Serial:	48B06EDB116D54BE21D51656D91CF246

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xc4000	0x9a	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc2000	0xf36	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0x1c358	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2727b8	0x2790
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc6000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc22e4	0x244	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xc3000	0x1a4	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb361c	0xb3800	ad6e46e3a3acdb533eb6a077f6d065af	False	0.3448639341051532	data	6.356058204328091	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0xb5000	0x1688	0x1800	d40fc822339d01f2abcc5493ac101c94	False	0.544921875	data	5.972750055221053	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xb7000	0x37a4	0x3800	4c195d5591f6d61265df08a3733de3a2	False	0.36097935267857145	data	5.044400562007734	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0xbb000	0x6de8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xc2000	0xf36	0x1000	a73d686f1e8b9bb06ec767721135e397	False	0.3681640625	data	4.8987046479600425	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0xc3000	0x1a4	0x200	41b8ce23dd243d14beebc71771885c89	False	0.345703125	data	2.7563628682496506	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0xc4000	0x9a	0x200	37c1a5c63717831863e018c0f51dabb7	False	0.2578125	data	1.8722228665884297	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0xc5000	0x18	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xc6000	0x5d	0x200	8f2f090acd9622c88a6a852e72f94e96	False	0.189453125	data	1.3838943752217987	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc7000	0x1c358	0x1c400	2535f9c4c989641b0dda90b5f3cc5e48	False	0.5281733960176991	data	5.499677719140543	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc7558	0x3173	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9552097322063354
RT_ICON	0xca6cc	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.486498876138649
RT_ICON	0xdaef4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	English	United States	0.6074688796680497
RT_ICON	0xdd49c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	English	United States	0.6775328330206379
RT_ICON	0xde544	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	English	United States	0.7344262295081967
RT_ICON	0xdeecc	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	English	United States	0.8182624113475178
RT_ICON	0xdf334	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	English	United States	0.6775328330206379
RT_STRING	0xe03dc	0x360	data			0.34375
RT_STRING	0xe073c	0x260	data			0.3256578947368421
RT_STRING	0xe099c	0x45c	data			0.4068100358422939
RT_STRING	0xe0df8	0x40c	data			0.3754826254826255
RT_STRING	0xe1204	0x2d4	data			0.39226519337016574
RT_STRING	0xe14d8	0xb8	data			0.6467391304347826
RT_STRING	0xe1590	0x9c	data			0.6410256410256411
RT_STRING	0xe162c	0x374	data			0.4230769230769231
RT_STRING	0xe19a0	0x398	data			0.3358695652173913
RT_STRING	0xe1d38	0x368	data			0.3795871559633027
RT_STRING	0xe20a0	0x2a4	data			0.4275147928994083
RT_RCDATA	0xe2344	0x10	data			1.5
RT_RCDATA	0xe2354	0x2c4	data			0.6384180790960452
RT_RCDATA	0xe2618	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0xe2644	0x68	data	English	United States	0.7115384615384616
RT_VERSION	0xe26ac	0x584	data	English	United States	0.26274787535410765
RT_MANIFEST	0xe2c30	0x726	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4005464480874317

DLL	Import
kernel32.dll	GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll	InitCommonControls
version.dll	GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll	CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll	SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll	NetWkstaGetInfo, NetApiBufferFree
advapi32.dll	RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x454060
__dbk_fcall_wrapper	2	0x40d0a0
dbkFCallWrapperAddr	1	0x4be63c

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 18, 2024 21:38:06.020447016 CEST	192.168.2.4	1.1.1.1	0x17	Standard query (0)	d11iilsblp9z11.cloudfront.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:38:54.000266075 CEST	192.168.2.4	1.1.1.1	0x3dbb	Standard query (0)	www.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:05.909312010 CEST	192.168.2.4	1.1.1.1	0xfc0c	Standard query (0)	d11iilsblp9z11.cloudfront.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.459711075 CEST	192.168.2.4	1.1.1.1	0xe89c	Standard query (0)	analytics.apis.mcafee.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:07.953645945 CEST	192.168.2.4	1.1.1.1	0xc355	Standard query (0)	honzik.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:07.955897093 CEST	192.168.2.4	1.1.1.1	0x9d04	Standard query (0)	v7event.stats.avast.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:08.775079966 CEST	192.168.2.4	1.1.1.1	0xcd64	Standard query (0)	sadownload.mcafee.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:11.000627041 CEST	192.168.2.4	1.1.1.1	0x695c	Standard query (0)	analytics.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.151856899 CEST	192.168.2.4	1.1.1.1	0x3d40	Standard query (0)	router.bittorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.151979923 CEST	192.168.2.4	1.1.1.1	0x5d80	Standard query (0)	router.bittorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:14.152290106 CEST	192.168.2.4	1.1.1.1	0x662d	Standard query (0)	router.utorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.152391911 CEST	192.168.2.4	1.1.1.1	0x75c2	Standard query (0)	router.utorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:14.153083086 CEST	192.168.2.4	1.1.1.1	0x2d85	Standard query (0)	dht.transmissionbt.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.153213978 CEST	192.168.2.4	1.1.1.1	0x3ffb	Standard query (0)	dht.transmissionbt.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:14.153465986 CEST	192.168.2.4	1.1.1.1	0x7daa	Standard query (0)	router.silotis.us	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.153687000 CEST	192.168.2.4	1.1.1.1	0x4d7	Standard query (0)	router.silotis.us	28	IN (0x0001)	false
Jul 18, 2024 21:39:14.154856920 CEST	192.168.2.4	1.1.1.1	0xdc37	Standard query (0)	dht.libtorrent.org	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.154978991 CEST	192.168.2.4	1.1.1.1	0xebf3	Standard query (0)	dht.libtorrent.org	28	IN (0x0001)	false
Jul 18, 2024 21:39:15.158055067 CEST	192.168.2.4	1.1.1.1	0xebf3	Standard query (0)	dht.libtorrent.org	28	IN (0x0001)	false
Jul 18, 2024 21:39:15.158133030 CEST	192.168.2.4	1.1.1.1	0x75c2	Standard query (0)	router.utorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:15.158155918 CEST	192.168.2.4	1.1.1.1	0xdc37	Standard query (0)	dht.libtorrent.org	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:15.158174038 CEST	192.168.2.4	1.1.1.1	0x662d	Standard query (0)	router.utorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:15.158199072 CEST	192.168.2.4	1.1.1.1	0x5d80	Standard query (0)	router.bittorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:15.158210039 CEST	192.168.2.4	1.1.1.1	0x3d40	Standard query (0)	router.bittorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:16.173799038 CEST	192.168.2.4	1.1.1.1	0x3d40	Standard query (0)	router.bittorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:16.173847914 CEST	192.168.2.4	1.1.1.1	0x5d80	Standard query (0)	router.bittorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:16.173866034 CEST	192.168.2.4	1.1.1.1	0x662d	Standard query (0)	router.utorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:16.173896074 CEST	192.168.2.4	1.1.1.1	0xdc37	Standard query (0)	dht.libtorrent.org	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:16.173917055 CEST	192.168.2.4	1.1.1.1	0x75c2	Standard query (0)	router.utorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:16.173932076 CEST	192.168.2.4	1.1.1.1	0xebf3	Standard query (0)	dht.libtorrent.org	28	IN (0x0001)	false
Jul 18, 2024 21:39:18.190534115 CEST	192.168.2.4	1.1.1.1	0xebf3	Standard query (0)	dht.libtorrent.org	28	IN (0x0001)	false
Jul 18, 2024 21:39:18.190561056 CEST	192.168.2.4	1.1.1.1	0x75c2	Standard query (0)	router.utorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:18.190577984 CEST	192.168.2.4	1.1.1.1	0xdc37	Standard query (0)	dht.libtorrent.org	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:18.190597057 CEST	192.168.2.4	1.1.1.1	0x662d	Standard query (0)	router.utorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:18.190610886 CEST	192.168.2.4	1.1.1.1	0x5d80	Standard query (0)	router.bittorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:18.190639019 CEST	192.168.2.4	1.1.1.1	0x3d40	Standard query (0)	router.bittorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:18.466186047 CEST	192.168.2.4	1.1.1.1	0xd45e	Standard query (0)	update.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:18.466325045 CEST	192.168.2.4	1.1.1.1	0xc925	Standard query (0)	update.bitcomet.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:20.334137917 CEST	192.168.2.4	1.1.1.1	0x2459	Standard query (0)	inside.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:20.345772982 CEST	192.168.2.4	1.1.1.1	0xb407	Standard query (0)	inside.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:20.346076965 CEST	192.168.2.4	1.1.1.1	0x22f8	Standard query (0)	inside.bitcomet.com	65	IN (0x0001)	false
Jul 18, 2024 21:39:20.509413004 CEST	192.168.2.4	1.1.1.1	0x861c	Standard query (0)	sadownload.mcafee.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:22.192523003 CEST	192.168.2.4	1.1.1.1	0x3d40	Standard query (0)	router.bittorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:22.192545891 CEST	192.168.2.4	1.1.1.1	0x5d80	Standard query (0)	router.bittorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:22.192573071 CEST	192.168.2.4	1.1.1.1	0x662d	Standard query (0)	router.utorrent.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:22.192590952 CEST	192.168.2.4	1.1.1.1	0xdc37	Standard query (0)	dht.libtorrent.org	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:22.192615986 CEST	192.168.2.4	1.1.1.1	0x75c2	Standard query (0)	router.utorrent.com	28	IN (0x0001)	false
Jul 18, 2024 21:39:22.192631006 CEST	192.168.2.4	1.1.1.1	0xebf3	Standard query (0)	dht.libtorrent.org	28	IN (0x0001)	false
Jul 18, 2024 21:39:23.884289980 CEST	192.168.2.4	1.1.1.1	0x1535	Standard query (0)	apphit.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.884749889 CEST	192.168.2.4	1.1.1.1	0xe8fa	Standard query (0)	apphit.com	65	IN (0x0001)	false
Jul 18, 2024 21:39:23.885468006 CEST	192.168.2.4	1.1.1.1	0x189a	Standard query (0)	apphit.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.886389017 CEST	192.168.2.4	1.1.1.1	0xf46a	Standard query (0)	inside.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.975413084 CEST	192.168.2.4	1.1.1.1	0x15bc	Standard query (0)	appassets.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.975851059 CEST	192.168.2.4	1.1.1.1	0x6f77	Standard query (0)	appassets.bitcomet.com	65	IN (0x0001)	false
Jul 18, 2024 21:39:23.976526976 CEST	192.168.2.4	1.1.1.1	0x6d8e	Standard query (0)	appassets.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.986361027 CEST	192.168.2.4	1.1.1.1	0xa7fb	Standard query (0)	appassets.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.914158106 CEST	192.168.2.4	1.1.1.1	0xb1d7	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.914814949 CEST	192.168.2.4	1.1.1.1	0x27a	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 18, 2024 21:39:24.915282011 CEST	192.168.2.4	1.1.1.1	0xadcc	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.915514946 CEST	192.168.2.4	1.1.1.1	0x2ce8	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 18, 2024 21:39:30.353543997 CEST	192.168.2.4	1.1.1.1	0xbf09	Standard query (0)	appassets.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:30.353884935 CEST	192.168.2.4	1.1.1.1	0x9051	Standard query (0)	appassets.bitcomet.com	65	IN (0x0001)	false
Jul 18, 2024 21:39:30.377914906 CEST	192.168.2.4	1.1.1.1	0x859e	Standard query (0)	appassets.bitcomet.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:30.378252983 CEST	192.168.2.4	1.1.1.1	0xbbf8	Standard query (0)	honzik.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:36.094136953 CEST	192.168.2.4	1.1.1.1	0x10e5	Standard query (0)	analytics.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:36.099195004 CEST	192.168.2.4	1.1.1.1	0x1cb5	Standard query (0)	shepherd.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:37.311589003 CEST	192.168.2.4	1.1.1.1	0x3bde	Standard query (0)	honzik.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:38.351672888 CEST	192.168.2.4	1.1.1.1	0xa985	Standard query (0)	shepherd.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:39.341792107 CEST	192.168.2.4	1.1.1.1	0x133e	Standard query (0)	honzik.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:39.342236042 CEST	192.168.2.4	1.1.1.1	0xe440	Standard query (0)	honzik.avcdn.net	28	IN (0x0001)	false
Jul 18, 2024 21:39:40.321389914 CEST	192.168.2.4	1.1.1.1	0xfe55	Standard query (0)	honzik.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:40.321650982 CEST	192.168.2.4	1.1.1.1	0xf84d	Standard query (0)	honzik.avcdn.net	28	IN (0x0001)	false
Jul 18, 2024 21:39:51.576869965 CEST	192.168.2.4	1.1.1.1	0x5d77	Standard query (0)	sadownload.mcafee.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:52.518529892 CEST	192.168.2.4	1.1.1.1	0x4a5c	Standard query (0)	analytics.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.539355993 CEST	192.168.2.4	1.1.1.1	0x9110	Standard query (0)	analytics.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.645165920 CEST	192.168.2.4	1.1.1.1	0x3591	Standard query (0)	shepherd.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.904268980 CEST	192.168.2.4	1.1.1.1	0x884f	Standard query (0)	analytics.apis.mcafee.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:54.502242088 CEST	192.168.2.4	1.1.1.1	0x2b32	Standard query (0)	honzik.avcdn.net	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:54.502800941 CEST	192.168.2.4	1.1.1.1	0x4004	Standard query (0)	honzik.avcdn.net	28	IN (0x0001)	false
Jul 18, 2024 21:40:03.009404898 CEST	192.168.2.4	1.1.1.1	0x3e00	Standard query (0)	sadownload.mcafee.com	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:40:14.060288906 CEST	192.168.2.4	1.1.1.1	0xe9f8	Standard query (0)	sadownload.mcafee.com	A (IP address)	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 18, 2024 21:38:06.046114922 CEST	1.1.1.1	192.168.2.4	0x17	No error (0)	d11iilsblp9z11.cloudfront.net		13.249.12.125	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:38:06.046114922 CEST	1.1.1.1	192.168.2.4	0x17	No error (0)	d11iilsblp9z11.cloudfront.net		13.249.12.63	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:38:06.046114922 CEST	1.1.1.1	192.168.2.4	0x17	No error (0)	d11iilsblp9z11.cloudfront.net		13.249.12.203	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:38:06.046114922 CEST	1.1.1.1	192.168.2.4	0x17	No error (0)	d11iilsblp9z11.cloudfront.net		13.249.12.80	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:38:54.031037092 CEST	1.1.1.1	192.168.2.4	0x3dbb	No error (0)	www.bitcomet.com	bitcomet.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:38:54.031037092 CEST	1.1.1.1	192.168.2.4	0x3dbb	No error (0)	bitcomet.com		161.97.135.85	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:05.925430059 CEST	1.1.1.1	192.168.2.4	0xfc0c	No error (0)	d11iilsblp9z11.cloudfront.net		143.204.205.88	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:05.925430059 CEST	1.1.1.1	192.168.2.4	0xfc0c	No error (0)	d11iilsblp9z11.cloudfront.net		143.204.205.105	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:05.925430059 CEST	1.1.1.1	192.168.2.4	0xfc0c	No error (0)	d11iilsblp9z11.cloudfront.net		143.204.205.21	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:05.925430059 CEST	1.1.1.1	192.168.2.4	0xfc0c	No error (0)	d11iilsblp9z11.cloudfront.net		143.204.205.208	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	analytics.apis.mcafee.com	mosaic-orio.apis.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		52.25.171.187	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		52.40.60.95	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		54.149.119.32	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		52.12.249.73	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		35.163.136.59	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		18.236.20.221	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		52.27.94.100	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:06.467540026 CEST	1.1.1.1	192.168.2.4	0xe89c	No error (0)	mosaic-orio.apis.mcafee.com		54.68.165.193	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:07.964207888 CEST	1.1.1.1	192.168.2.4	0xc355	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:07.964351892 CEST	1.1.1.1	192.168.2.4	0x9d04	No error (0)	v7event.stats.avast.com	analytics.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:07.964351892 CEST	1.1.1.1	192.168.2.4	0x9d04	No error (0)	analytics.ff.avast.com	analytics-prod-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:07.964351892 CEST	1.1.1.1	192.168.2.4	0x9d04	No error (0)	analytics-prod-gcp.ff.avast.com		34.117.223.223	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:08.784219980 CEST	1.1.1.1	192.168.2.4	0xcd64	No error (0)	sadownload.mcafee.com	sadownload-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:08.784219980 CEST	1.1.1.1	192.168.2.4	0xcd64	No error (0)	sadownload-r53.awsconsumer.mcafee.com	sadownload.mcafee.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:11.018448114 CEST	1.1.1.1	192.168.2.4	0x695c	No error (0)	analytics.avcdn.net	analytics.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:11.018448114 CEST	1.1.1.1	192.168.2.4	0x695c	No error (0)	analytics.ff.avast.com	analytics-prod-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:11.018448114 CEST	1.1.1.1	192.168.2.4	0x695c	No error (0)	analytics-prod-gcp.ff.avast.com		34.117.223.223	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.162837982 CEST	1.1.1.1	192.168.2.4	0x3ffb	No error (0)	dht.transmissionbt.com			28	IN (0x0001)	false
Jul 18, 2024 21:39:14.163660049 CEST	1.1.1.1	192.168.2.4	0x4d7	No error (0)	router.silotis.us			28	IN (0x0001)	false
Jul 18, 2024 21:39:14.163695097 CEST	1.1.1.1	192.168.2.4	0x2d85	No error (0)	dht.transmissionbt.com		87.98.162.88	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:14.163695097 CEST	1.1.1.1	192.168.2.4	0x2d85	No error (0)	dht.transmissionbt.com		212.129.33.59	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:18.486069918 CEST	1.1.1.1	192.168.2.4	0xd45e	No error (0)	update.bitcomet.com		161.97.135.85	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:18.487575054 CEST	1.1.1.1	192.168.2.4	0xc925	No error (0)	update.bitcomet.com			28	IN (0x0001)	false
Jul 18, 2024 21:39:20.353432894 CEST	1.1.1.1	192.168.2.4	0x2459	No error (0)	inside.bitcomet.com		161.97.135.85	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:20.364183903 CEST	1.1.1.1	192.168.2.4	0xb407	No error (0)	inside.bitcomet.com		161.97.135.85	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:20.520313978 CEST	1.1.1.1	192.168.2.4	0x861c	No error (0)	sadownload.mcafee.com	sadownload-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:20.520313978 CEST	1.1.1.1	192.168.2.4	0x861c	No error (0)	sadownload-r53.awsconsumer.mcafee.com	sadownload.mcafee.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:23.906335115 CEST	1.1.1.1	192.168.2.4	0xf46a	No error (0)	inside.bitcomet.com		161.97.135.85	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.916254997 CEST	1.1.1.1	192.168.2.4	0x1535	No error (0)	apphit.com		95.111.225.211	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.985265017 CEST	1.1.1.1	192.168.2.4	0x6d8e	Name error (3)	appassets.bitcomet.com	none	none	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:23.994544983 CEST	1.1.1.1	192.168.2.4	0x6f77	Name error (3)	appassets.bitcomet.com	none	none	65	IN (0x0001)	false
Jul 18, 2024 21:39:23.996781111 CEST	1.1.1.1	192.168.2.4	0x15bc	Name error (3)	appassets.bitcomet.com	none	none	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.004678965 CEST	1.1.1.1	192.168.2.4	0xa7fb	Name error (3)	appassets.bitcomet.com	none	none	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.063704967 CEST	1.1.1.1	192.168.2.4	0x189a	No error (0)	apphit.com		95.111.225.211	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.921474934 CEST	1.1.1.1	192.168.2.4	0xb1d7	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.921474934 CEST	1.1.1.1	192.168.2.4	0xb1d7	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.922110081 CEST	1.1.1.1	192.168.2.4	0x27a	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 18, 2024 21:39:24.923171997 CEST	1.1.1.1	192.168.2.4	0x2ce8	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 18, 2024 21:39:24.923405886 CEST	1.1.1.1	192.168.2.4	0xadcc	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:24.923405886 CEST	1.1.1.1	192.168.2.4	0xadcc	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:30.371000051 CEST	1.1.1.1	192.168.2.4	0x9051	Name error (3)	appassets.bitcomet.com	none	none	65	IN (0x0001)	false
Jul 18, 2024 21:39:30.372694016 CEST	1.1.1.1	192.168.2.4	0xbf09	Name error (3)	appassets.bitcomet.com	none	none	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:30.392241955 CEST	1.1.1.1	192.168.2.4	0xbbf8	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:30.400012016 CEST	1.1.1.1	192.168.2.4	0x859e	Name error (3)	appassets.bitcomet.com	none	none	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:36.101722002 CEST	1.1.1.1	192.168.2.4	0x10e5	No error (0)	analytics.avcdn.net	analytics.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:36.101722002 CEST	1.1.1.1	192.168.2.4	0x10e5	No error (0)	analytics.ff.avast.com	analytics-prod-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:36.101722002 CEST	1.1.1.1	192.168.2.4	0x10e5	No error (0)	analytics-prod-gcp.ff.avast.com		34.117.223.223	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:36.108319998 CEST	1.1.1.1	192.168.2.4	0x1cb5	No error (0)	shepherd.avcdn.net	shepherd.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:36.108319998 CEST	1.1.1.1	192.168.2.4	0x1cb5	No error (0)	shepherd.ff.avast.com	shepherd-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:36.108319998 CEST	1.1.1.1	192.168.2.4	0x1cb5	No error (0)	shepherd-gcp.ff.avast.com		34.160.176.28	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:37.319504976 CEST	1.1.1.1	192.168.2.4	0x3bde	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:38.358799934 CEST	1.1.1.1	192.168.2.4	0xa985	No error (0)	shepherd.avcdn.net	shepherd.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:38.358799934 CEST	1.1.1.1	192.168.2.4	0xa985	No error (0)	shepherd.ff.avast.com	shepherd-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:38.358799934 CEST	1.1.1.1	192.168.2.4	0xa985	No error (0)	shepherd-gcp.ff.avast.com		34.160.176.28	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:39.351089954 CEST	1.1.1.1	192.168.2.4	0x133e	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:39.437155008 CEST	1.1.1.1	192.168.2.4	0xe440	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:40.329463959 CEST	1.1.1.1	192.168.2.4	0xfe55	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:40.332082033 CEST	1.1.1.1	192.168.2.4	0xf84d	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:43.537460089 CEST	1.1.1.1	192.168.2.4	0xb9c3	No error (0)	prod.globalsign.map.fastly.net		151.101.2.133	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:43.537460089 CEST	1.1.1.1	192.168.2.4	0xb9c3	No error (0)	prod.globalsign.map.fastly.net		151.101.66.133	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:43.537460089 CEST	1.1.1.1	192.168.2.4	0xb9c3	No error (0)	prod.globalsign.map.fastly.net		151.101.194.133	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:43.537460089 CEST	1.1.1.1	192.168.2.4	0xb9c3	No error (0)	prod.globalsign.map.fastly.net		151.101.130.133	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:51.583827019 CEST	1.1.1.1	192.168.2.4	0x5d77	No error (0)	sadownload.mcafee.com	sadownload-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:51.583827019 CEST	1.1.1.1	192.168.2.4	0x5d77	No error (0)	sadownload-r53.awsconsumer.mcafee.com	sadownload.mcafee.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:52.526156902 CEST	1.1.1.1	192.168.2.4	0x4a5c	No error (0)	analytics.avcdn.net	analytics.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:52.526156902 CEST	1.1.1.1	192.168.2.4	0x4a5c	No error (0)	analytics.ff.avast.com	analytics-prod-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:52.526156902 CEST	1.1.1.1	192.168.2.4	0x4a5c	No error (0)	analytics-prod-gcp.ff.avast.com		34.117.223.223	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.548980951 CEST	1.1.1.1	192.168.2.4	0x9110	No error (0)	analytics.avcdn.net	analytics.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:53.548980951 CEST	1.1.1.1	192.168.2.4	0x9110	No error (0)	analytics.ff.avast.com	analytics-prod-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:53.548980951 CEST	1.1.1.1	192.168.2.4	0x9110	No error (0)	analytics-prod-gcp.ff.avast.com		34.117.223.223	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.652046919 CEST	1.1.1.1	192.168.2.4	0x3591	No error (0)	shepherd.avcdn.net	shepherd.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:53.652046919 CEST	1.1.1.1	192.168.2.4	0x3591	No error (0)	shepherd.ff.avast.com	shepherd-gcp.ff.avast.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:53.652046919 CEST	1.1.1.1	192.168.2.4	0x3591	No error (0)	shepherd-gcp.ff.avast.com		34.160.176.28	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	analytics.apis.mcafee.com	mosaic-orio.apis.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		35.167.248.78	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		52.37.69.68	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		54.149.154.10	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		52.12.249.73	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		54.149.119.32	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		54.68.165.193	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		52.27.94.100	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:53.912810087 CEST	1.1.1.1	192.168.2.4	0x884f	No error (0)	mosaic-orio.apis.mcafee.com		35.163.4.159	A (IP address)	IN (0x0001)	false
Jul 18, 2024 21:39:54.516870975 CEST	1.1.1.1	192.168.2.4	0x2b32	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:39:54.518341064 CEST	1.1.1.1	192.168.2.4	0x4004	No error (0)	honzik.avcdn.net	s-honzik.avcdn.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:40:03.018516064 CEST	1.1.1.1	192.168.2.4	0x3e00	No error (0)	sadownload.mcafee.com	sadownload-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:40:03.018516064 CEST	1.1.1.1	192.168.2.4	0x3e00	No error (0)	sadownload-r53.awsconsumer.mcafee.com	sadownload.mcafee.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:40:14.067236900 CEST	1.1.1.1	192.168.2.4	0xe9f8	No error (0)	sadownload.mcafee.com	sadownload-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 18, 2024 21:40:14.067236900 CEST	1.1.1.1	192.168.2.4	0xe9f8	No error (0)	sadownload-r53.awsconsumer.mcafee.com	sadownload.mcafee.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Jul 18, 2024 21:39:07.975289106 CEST	175	OUT	POST /cgi-bin/iavsevents.cgi HTTP/1.1 Connection: Keep-Alive Content-Type: iavs4/stats User-Agent: AVG Microstub/2.1 Content-Length: 268 Host: v7event.stats.avast.com
Jul 18, 2024 21:39:07.975311995 CEST	268	OUT	Data Raw: 63 6f 6f 6b 69 65 3d 6d 6d 6d 5f 69 72 73 5f 70 70 69 5f 39 30 32 5f 34 35 31 5f 6f 0a 65 64 69 74 69 6f 6e 3d 31 35 0a 65 76 65 6e 74 3d 6d 69 63 72 6f 73 74 75 62 2d 73 74 61 72 74 0a 6d 69 64 65 78 3d 33 46 35 43 37 43 44 34 34 44 31 46 36 41 Data Ascii: cookie=mmm_irs_ppi_902_451_oedition=15event=microstub-startmidex=3F5C7CD44D1F6AC769934CADA267B4DF43CEF16EBFB411D103FDD4B0F14B185Fstat_session=1840c678-d62a-4945-8e4f-36eaf3f0c4a5statsSendTime=1721331547os=win,10,0,2,19045,0,AMD64exe_ver
Jul 18, 2024 21:39:08.462748051 CEST	96	IN	HTTP/1.1 204 No Content Server: nginx Date: Thu, 18 Jul 2024 19:39:08 GMT Via: 1.1 google
Jul 18, 2024 21:39:10.390671968 CEST	175	OUT	POST /cgi-bin/iavsevents.cgi HTTP/1.1 Connection: Keep-Alive Content-Type: iavs4/stats User-Agent: AVG Microstub/2.1 Content-Length: 282 Host: v7event.stats.avast.com
Jul 18, 2024 21:39:10.390702963 CEST	282	OUT	Data Raw: 63 6f 6f 6b 69 65 3d 6d 6d 6d 5f 69 72 73 5f 70 70 69 5f 39 30 32 5f 34 35 31 5f 6f 0a 65 64 69 74 69 6f 6e 3d 31 35 0a 65 76 65 6e 74 3d 6d 69 63 72 6f 73 74 75 62 2d 64 6f 77 6e 6c 6f 61 64 0a 6d 69 64 65 78 3d 33 46 35 43 37 43 44 34 34 44 31 Data Ascii: cookie=mmm_irs_ppi_902_451_oedition=15event=microstub-downloadmidex=3F5C7CD44D1F6AC769934CADA267B4DF43CEF16EBFB411D103FDD4B0F14B185Fstat_session=1840c678-d62a-4945-8e4f-36eaf3f0c4a5statsSendTime=1721331549os=win,10,0,2,19045,0,AMD64exe_
Jul 18, 2024 21:39:10.515490055 CEST	96	IN	HTTP/1.1 204 No Content Server: nginx Date: Thu, 18 Jul 2024 19:39:10 GMT Via: 1.1 google

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:38:06 UTC	233	OUT	POST /o HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 122 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:38:06 UTC	122	OUT	Data Raw: 7b 22 70 72 76 22 3a 20 22 30 2e 31 22 2c 22 70 6c 76 22 3a 20 22 32 2e 34 30 2e 31 2e 38 39 31 32 22 2c 22 6c 22 3a 20 22 65 6e 22 2c 22 61 22 3a 20 22 42 69 74 43 6f 6d 65 74 22 2c 22 69 22 3a 20 22 42 69 74 43 6f 6d 65 74 5f 50 75 62 5f 42 22 2c 22 73 22 3a 20 22 42 69 74 43 6f 6d 65 74 22 2c 22 6f 22 3a 20 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 22 7d Data Ascii: {"prv": "0.1","plv": "2.40.1.8912","l": "en","a": "BitComet","i": "BitComet_Pub_B","s": "BitComet","o": "10.0.19045.2006"}
2024-07-18 19:38:07 UTC	489	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 10752 Connection: close Server: awselb/2.0 Date: Thu, 18 Jul 2024 19:38:07 GMT x-true-request-id: 455d1345-91e2-45a4-acea-108c08c48e85 x-robots-tag: none expires: Thu, 01 Jan 1970 00:00:00 GMT cache-control: no-cache X-Cache: Miss from cloudfront Via: 1.1 b59465a36dda3b4ec573f7a87861306c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG53-C1 X-Amz-Cf-Id: 4sG3i8BRTubpePZshAGDZX0F6mbNte1fK6gVYpM53inkrvRxoJrx5g==
2024-07-18 19:38:07 UTC	10752	IN	Data Raw: 7b 22 76 22 3a 22 30 2e 31 22 2c 22 6c 22 3a 22 55 53 22 2c 22 69 22 3a 7b 22 63 75 22 3a 22 22 2c 22 63 74 22 3a 22 22 2c 22 63 70 22 3a 22 22 2c 22 63 74 75 22 3a 22 22 2c 22 63 6c 22 3a 22 22 2c 22 63 68 22 3a 22 22 2c 22 63 61 22 3a 22 76 35 2e 38 33 22 2c 22 63 66 22 3a 22 22 2c 22 63 70 69 22 3a 22 22 2c 22 63 70 73 22 3a 22 22 2c 22 63 64 22 3a 22 22 2c 22 63 70 72 22 3a 22 22 2c 22 63 70 70 22 3a 22 22 2c 22 63 66 6c 22 3a 22 22 2c 22 63 6a 22 3a 22 2b 31 22 2c 22 63 62 22 3a 22 22 2c 22 63 6f 64 22 3a 22 22 2c 22 63 74 70 22 3a 22 22 2c 22 63 65 70 22 3a 22 22 7d 2c 22 66 22 3a 7b 22 6d 22 3a 32 2c 22 78 22 3a 22 32 30 32 34 2d 30 37 2d 32 37 54 31 39 3a 33 38 3a 30 37 2e 31 33 35 5a 22 2c 22 61 22 3a 22 31 61 62 64 22 2c 22 64 22 3a 22 31 36 38 Data Ascii: {"v":"0.1","l":"US","i":{"cu":"","ct":"","cp":"","ctu":"","cl":"","ch":"","ca":"v5.83","cf":"","cpi":"","cps":"","cd":"","cpr":"","cpp":"","cfl":"","cj":"+1","cb":"","cod":"","ctp":"","cep":""},"f":{"m":2,"x":"2024-07-27T19:38:07.135Z","a":"1abd","d":"168

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:38:08 UTC	326	OUT	POST /zbd HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / Authorization: Signature=c0ca984d9cd1b9e9ffdf6097b502a49003af5070b14ac3fa1760d15f36f3f81f User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 273 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:38:08 UTC	273	OUT	Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 30 37 31 38 31 35 33 38 30 36 5c 22 2c 5c 22 33 5c 22 3a 5c 22 42 69 74 43 6f 6d 65 74 5c 22 2c 5c 22 34 5c 22 3a 5c 22 42 69 74 43 6f 6d 65 74 5f 50 75 62 5f 42 5c 22 2c 5c 22 35 5c 22 3a 5c 22 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 5c 22 2c 5c 22 36 5c 22 3a 5c 22 31 5c 22 2c 5c 22 37 5c 22 3a 5c 22 32 2e 34 30 2e 31 2e 38 39 31 32 5c 22 2c 5c 22 31 35 5c 22 3a 30 2c 5c 22 32 32 5c Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240718153806\",\"3\":\"BitComet\",\"4\":\"BitComet_Pub_B\",\"5\":\"\",\"18\":\"\",\"19\":\"\",\"21\":\"\",\"6\":\"1\",\"7\":\"2.40.1.8912\",\"15\":0,\"22\
2024-07-18 19:38:09 UTC	427	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 15 Connection: close Date: Thu, 18 Jul 2024 19:38:09 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE X-Cache: Miss from cloudfront Via: 1.1 47140f009c2bd3561cd6dde4003253e2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG53-C1 X-Amz-Cf-Id: JHRO2I2bYdoj0u8HeUwtuAcN-dUdecUwDXIRXlVbuI-l2yTbQcOKhg==
2024-07-18 19:38:09 UTC	15	IN	Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d Data Ascii: {"Status":"OK"}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:38:10 UTC	136	OUT	GET /f/AVG_AV/images/1509/EN.png HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.1.2 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:38:11 UTC	608	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 53151 Connection: close Last-Modified: Wed, 01 May 2024 12:21:17 GMT x-amz-server-side-encryption: AES256 x-amz-meta-cb-modifiedtime: Tue, 30 Apr 2024 07:13:32 GMT x-amz-version-id: t0aKL0R4FYtf2ry_kAUySb7zudCs2Esv Accept-Ranges: bytes Server: AmazonS3 Date: Wed, 17 Jul 2024 23:46:38 GMT ETag: "aee8e80b35dcb3cf2a5733ba99231560" X-Cache: Hit from cloudfront Via: 1.1 3e54eeb04035e3584145be33441ccbba.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG53-C1 X-Amz-Cf-Id: dACurST6EY01jHflu3vWrEAiSt5vgTILrgVJRYvycC7qeT1j5vqqbw== Age: 71494
2024-07-18 19:38:11 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 23 00 00 01 18 08 06 00 00 00 8e 7f f6 42 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 cf 34 49 44 41 54 78 01 ec fd 09 98 1d c7 79 1e 0a bf 75 ce 99 7d c7 be e3 80 04 57 91 22 a8 d5 92 28 73 20 d9 f1 1a 13 94 1d c9 89 9d 70 90 dc eb dc fc ce bd 04 f3 c4 51 9c dc 84 83 3f 71 6c 3d c9 0d c1 27 cb 9f 38 b9 17 83 9b 45 b6 6c 99 a0 17 59 b2 2d 61 68 ad d4 46 50 0b 77 10 07 fb 8e d9 d7 b3 d4 5f 5f 75 55 77 75 77 f5 72 06 33 58 c8 7a c9 c6 e9 ae fa aa ea ab ea 9e fe de fe 6a 63 70 70 70 68 0e 9f da cd e1 e0 90 85 4f 1e 61 70 70 70 c8 85 02 1c 1c 1c 1c 1c 1c 1c 1c 6e 20 1c 19 71 70 68 1e 15 38 38 Data Ascii: PNGIHDR#BpHYssRGBgAMAa4IDATxyu}W"(s pQ?ql='8ElY-ahFPw__uUwuwr3XzjcppphOapppn qph88
2024-07-18 19:38:11 UTC	16384	IN	Data Raw: c1 73 9b 52 b7 ca 71 25 13 05 b9 54 39 82 ae 97 34 43 73 5c fd ea 73 7a e9 0c aa 73 dd e5 a1 87 ac f7 ab b0 31 a3 7c 93 30 65 c5 47 31 68 d4 85 f4 3d 82 e0 45 58 36 74 38 62 c8 3c a9 e2 0f 20 70 1d 6b 19 1d ae eb 34 ac ce 07 8d 32 75 9d 76 21 ee 59 d1 5f 85 4f aa f2 86 55 7b 44 eb 61 96 01 84 ef 49 b4 1e 51 1c 88 94 31 a6 d2 96 23 f5 3e 88 78 db 8f 20 dc b6 43 2a 6e 0f 82 fa ef 89 e8 36 18 d1 2d fa 3c 3c 66 e4 69 c6 ef 43 d0 b5 f7 38 82 af 65 dd 1e bb 8c 3c 9e 8c e8 f5 a4 11 b7 c7 08 3b 62 c8 d9 8c 5b 39 92 b7 d9 ee bb 10 7e 0e d2 da f8 88 aa b3 59 cf 17 10 ee be 4b d3 d9 56 47 f3 9e 6b 3d 9f 31 74 2a 27 e8 a1 ef cb 20 e2 ed c0 23 e5 96 11 6e 23 b3 fe d1 76 d1 ed 17 6d 97 17 90 dc 2e 50 f9 25 3d ab 49 65 e8 e7 11 09 65 46 ef 85 ae 77 f4 19 5f 12 29 d1 b3 Data Ascii: sRq%T94Cs\szs1\|0eG1h=EX6t8b< pk42uv!Y_OU{DaIQ1#>x Cn6-<<fiC8e<;b[9~YKVGk=1t' #n#vm.P%=IeeFw_)
2024-07-18 19:38:11 UTC	16384	IN	Data Raw: d3 53 ce 91 5e 3f f7 b0 e8 65 3e f3 74 4e cf 83 f9 4c 8f e0 da 30 1a f9 25 1c 8e fc 12 86 11 cc 6a d3 63 6d 2a 08 06 68 27 61 b7 ca 5b 4f 6b a6 76 dd 8f 5b 84 88 10 16 5a e7 07 21 07 ad 7a 2f 5e 73 59 6e 86 b0 c9 33 bf 26 ad 5e 91 84 77 77 46 74 3a 72 1b 85 95 44 1e 62 c0 12 e5 72 da e5 7c bd 5d cd 42 a9 d5 b0 76 4f 19 3a 27 56 81 a5 55 2d b9 cc 66 64 6d 65 a6 c9 e7 91 4b 2b 92 2d 2d 5d 42 6e 30 49 e4 ca 80 c6 8a 30 f1 72 e4 c2 e8 5c 3b 11 b1 a1 ac 7e 2b 09 f1 fa 45 a8 bd 1d 49 f1 95 25 a4 bd 16 bd 4c 39 32 2c 23 b0 77 7b 68 99 34 1d b2 e2 57 0a 59 ed 53 56 bf 15 64 a3 8c f4 7b a4 7f 2b f0 0c 20 7d 7d 0f 18 f2 69 f7 71 a9 c8 ca b3 8c e6 db 7d 39 f4 cc ca 63 25 da a2 19 2c b5 fc 6b f9 7b bb a1 58 fc bd ee af 0a 02 f2 41 7d ad 07 ad 7a 1c 80 f9 1f 91 b3 8d Data Ascii: S^?e>tNL0%jcm*h'a[Okv[Z!z/^sYn3&^wwFt:rDbr\|]BvO:'VU-fdmeK+--]Bn0I0r\;~+EI%L92,#w{h4WYSVd{+ }}iq}9c%,k{XA}z
2024-07-18 19:38:11 UTC	3999	IN	Data Raw: 18 16 3f 58 40 25 a3 82 ed 64 10 eb 52 16 1f 65 ec 19 69 ed 29 a1 a2 82 04 2d a9 6c 71 5f 01 de 75 e6 2e aa b8 e3 1a f5 26 0a 69 54 34 e1 7e 8d b7 aa ac 9d 3e 3e 3d 8b ce 75 8f a1 b1 a3 7a dd 61 45 9f 9e af a4 9e 78 f8 71 32 5b 3f fc 10 ee 13 00 6e 51 e6 cf 9f ef c8 cc cd ee 0c a7 11 ff f1 0a 6a bc 7a 83 b7 d9 aa 69 3c 5b bf 7d 7a 03 14 e6 29 39 8c 5d 36 f5 f3 6b cc f4 7a 06 35 ba b6 f2 4d e5 91 e5 b8 dc af 1c b3 c0 b0 1d 93 df 39 73 7c bc 12 a6 7a 0e 17 bd 2e b6 e3 d3 cb f3 44 46 d0 f1 99 f0 fb ad 4c e7 23 ec 35 a0 e4 dd 90 87 01 ac 94 f2 86 e8 23 a3 39 2e 35 4d 7b 64 60 24 71 a6 ae 03 95 16 e1 21 9f 8f ce c4 a7 c5 8b cc 53 22 42 64 c0 26 41 f9 46 a6 70 3f 7c 69 0a d5 dd 7d 8c 7e bf f2 0c 15 44 92 74 e8 d2 54 f7 ad 9b d2 c2 04 fd e4 8b d4 8c b1 0f 4e ba Data Ascii: ?X@%dRei)-lq_u.&iT4~>>=uzaExq2[?nQjzi<[}z)9]6kz5M9s\|z.DFL#5#9.5M{d`$q!S"Bd&AFp?\|i}~DtTN

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:38:20 UTC	157	OUT	GET /f/BitComet/1548_Updated/BitComet_2.08a_setup.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.1.2 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:38:20 UTC	626	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Content-Length: 27549456 Connection: close Last-Modified: Wed, 03 Jul 2024 08:03:38 GMT x-amz-server-side-encryption: AES256 x-amz-meta-cb-modifiedtime: Wed, 03 Jul 2024 07:21:16 GMT x-amz-version-id: FVqyV2z8NGixUw5Iioe2SCcQi.dcxs5H Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 18 Jul 2024 11:33:58 GMT ETag: "4f45f9bd3cc4739bdc91a4d183c0dc01" X-Cache: Hit from cloudfront Via: 1.1 3a7672912a556fc61dac56701b81d9e2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG53-C1 X-Amz-Cf-Id: ZfQjBxfR3CigKplgHBEIT8cjoAl2kwjWAhEoD3_IfO5xUk1bji-lVA== Age: 35262
2024-07-18 19:38:20 UTC	15758	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 08 81 e9 50 66 d2 e9 50 66 d2 e9 50 66 d2 2a 5f 39 d2 eb 50 66 d2 e9 50 67 d2 4c 50 66 d2 2a 5f 3b d2 e6 50 66 d2 bd 73 56 d2 e3 50 66 d2 2e 56 60 d2 e8 50 66 d2 52 69 63 68 e9 50 66 d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 35 ed 6f 5a 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 66 00 00 00 b6 00 00 00 08 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1PfPfPf_9PfPgLPf_;PfsVPf.V`PfRichPfPEL5oZf
2024-07-18 19:38:20 UTC	16384	IN	Data Raw: 13 00 00 a1 54 a2 42 00 8b 80 1c 01 00 00 85 c0 74 28 81 fb 00 58 43 00 75 20 50 6a 00 e8 5a 1a 00 00 57 bf e0 81 42 00 57 ff 15 04 81 40 00 85 c0 74 07 57 53 e8 3c 1a 00 00 ff 05 18 37 42 00 53 68 fb 03 00 00 56 e8 52 10 00 00 eb 07 c7 45 0c 0f 04 00 00 81 7d 0c 0f 04 00 00 74 0d 81 7d 0c 05 04 00 00 0f 85 98 01 00 00 83 65 fc 00 83 65 f8 00 53 68 fb 03 00 00 e8 26 10 00 00 53 e8 b3 13 00 00 85 c0 75 07 c7 45 fc 01 00 00 00 be f8 16 42 00 53 56 e8 bf 19 00 00 6a 01 e8 92 1d 00 00 85 c0 89 45 f4 74 3a 33 c0 33 ff 3b c6 74 32 8d 45 dc 50 8d 45 e8 50 8d 45 d4 50 56 ff 55 f4 85 c0 75 76 85 ff 74 03 66 21 07 56 e8 a9 12 00 00 8b f8 66 83 27 00 4f 4f 3b fe 66 c7 07 5c 00 75 ce 53 56 e8 70 19 00 00 56 e8 ea 12 00 00 33 ff 3b c7 74 03 66 89 38 8d 45 e0 50 8d 45 Data Ascii: TBt(XCu PjZWBW@tWS<7BShVRE}t}eeSh&SuEBSVjEt:33;t2EPEPEPVUuvtf!Vf'OO;f\uSVpV3;tf8EPE
2024-07-18 19:38:20 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 a2 42 00 89 13 40 00 7c 66 40 00 96 3a 40 00 0a 00 00 00 5c 00 00 00 ff ff ff ff ff ff ff ff 76 00 65 00 72 00 69 00 66 00 79 00 69 00 6e 00 67 00 20 00 69 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 3a 00 20 00 25 00 64 00 25 00 25 00 00 00 75 00 6e 00 70 00 61 00 63 00 6b 00 69 00 6e 00 67 00 20 00 64 00 61 00 74 00 61 00 3a 00 20 00 25 00 64 00 25 00 25 00 00 00 00 00 2e 00 2e 00 2e 00 20 00 25 00 64 00 25 Data Ascii: B@\|f@:@\verifying installer: %d%%unpacking data: %d%%... %d%
2024-07-18 19:38:20 UTC	16384	IN	Data Raw: fb ff 00 82 f9 ff 00 70 ea ff 00 3f 91 ff 00 26 73 7f 00 00 00 00 00 00 00 00 00 00 00 00 4c 5d c7 1f 14 64 ea ff 0c 6a ee ff 00 72 f8 ff 00 7e fa ff 00 8b fc ff 9f d7 fe ff 3f b5 fe ff 00 a4 ff ff 00 a9 ff ff 20 b9 ff ff 48 c9 ff ff 00 b9 ff ff 00 bd ff ff 7f df ff ff 7f e0 ff ff 00 c0 ff ff 00 bd ff ff 70 d8 ff ff 00 b4 ff ff 00 ae ff ff 00 a9 ff ff 7f d0 fe ff bf e6 fe ff 00 92 fc ff 00 86 fa ff 00 79 f8 ff 00 50 b4 ff 00 3b 93 ff 00 09 39 1f 00 00 00 00 00 00 00 00 22 5f e8 9f 17 67 ec ff 02 68 f7 ff 00 74 fa ff 00 80 fc ff 00 8c fd ff bf e5 ff ff 4f bb ff ff 00 a2 ff ff 00 a8 ff ff 30 bc ff ff 60 ce ff ff 00 b5 ff ff 00 b9 ff ff 7f dd ff ff 7f dd ff ff 00 bb ff ff 08 bb ff ff 80 da ff ff 08 b3 ff ff 00 ad ff ff 00 a7 ff ff bf e8 ff ff ef f9 ff ff 00 Data Ascii: p?&sL]djr~? HpyP;9"_ghtO0`
2024-07-18 19:38:20 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 01 00 00 50 28 00 19 00 78 00 0a 00 06 04 00 00 ff ff 82 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 50 0a 00 0a 00 15 00 14 00 ff ff 00 00 ff ff 82 00 ff ff 67 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 50 28 00 0a 00 78 00 0a 00 4c 00 00 00 ff ff 82 00 50 00 6c 00 65 00 61 00 73 00 65 00 20 00 77 00 61 00 69 00 74 00 20 00 77 00 68 00 69 00 6c 00 65 00 20 00 53 00 65 00 74 00 75 00 70 00 20 00 69 00 73 00 20 00 6c 00 6f 00 61 00 64 00 69 00 6e 00 67 00 2e 00 2e 00 2e 00 00 00 00 00 50 41 01 00 ff ff 00 00 00 00 00 00 00 00 40 04 c0 40 03 00 00 00 00 00 2c 01 8c 00 00 00 00 00 00 00 09 00 00 00 00 01 b0 65 30 7d 0e 66 d4 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 00 00 2c 01 0f 00 10 04 00 00 ff ff 82 00 00 00 00 00 00 Data Ascii: P(xPgP(xLPlease wait while Setup is loading...PA@@,e0}fP,
2024-07-18 19:38:20 UTC	16384	IN	Data Raw: cc 6f 11 04 8f 80 c5 1a 58 4e aa ef aa 8b 31 43 09 28 c5 08 46 44 7b 25 ec ff d8 8b 22 ec e4 89 f6 3c 56 ef 10 fe 8e 2f 48 b5 de fc ff d3 1e 54 3d e4 33 fd ba 22 b9 22 d1 67 e3 05 44 7d de 46 c2 3c ad ba 2e 91 5d f7 f8 fc 2f 2e 08 0c 05 2d 10 cb 3b 06 98 1d f4 74 28 7c ad 01 90 38 0f 82 c0 8c 3a 64 3d e0 88 37 cd 52 3c 5c 2f 1a a2 61 38 59 1f e8 a2 09 c1 c3 82 e7 2e c5 0d 40 05 bf 31 7c fa 99 c7 61 e2 fd b5 5f c2 cc 86 7a bc 03 29 04 48 de 3b 17 33 5b ed 07 b6 6b ae 33 d9 44 f5 54 bb 73 28 b8 f2 3b a5 80 61 47 62 f0 20 50 af 13 35 94 75 9c 58 11 36 11 47 6a 09 3c 6e 81 23 b4 d7 51 bc 7d 25 12 23 c2 57 1c 22 7a db 4c 30 b4 9c 01 3c 33 39 df 61 14 5f 82 d6 bf f3 fb 42 3f ae de 1c cb 72 e2 02 f0 e6 50 01 67 28 b1 c1 39 50 12 e6 86 f4 bf 7d e7 64 b0 25 72 80 Data Ascii: oXN1C(FD{%"<V/HT=3""gD}F<.]/.-;t(\|8:d=7R<\/a8Y.@1\|a_z)H;3[k3DTs(;aGb P5uX6Gj<n#Q}%#W"zL0<39a_B?rPg(9P}d%r
2024-07-18 19:38:20 UTC	16384	IN	Data Raw: c5 35 d6 57 2b a5 b2 76 1d 3d c4 13 c0 7d b3 fe 89 5c d2 5f 6d 86 58 96 23 a6 ed ef 18 e5 4a 1e f7 9a dc 15 05 6c 25 e2 c5 66 fa 48 77 cd d7 bc 04 e2 6d 44 e8 e0 95 58 ac cc 78 28 32 c2 ac 5d 90 ea f8 39 f9 db 49 43 8e 8f 12 3b 45 d6 45 67 35 cb 76 59 82 30 54 b4 a5 b1 fc 87 00 19 5f fd 84 82 fe 52 ea 63 2b a8 64 28 c3 7c 42 7b 12 c3 e6 36 f0 1f 3f f0 8b 99 3b bf 9c e8 32 39 9c 54 5f a5 65 90 cc 1b 85 92 28 07 59 4e fd 71 17 4c 91 51 c7 9d 62 99 49 b0 ae de 7d f6 eb b5 59 34 8a 17 f5 2b b5 bb fb b9 ce da 73 6a 28 b4 be 99 7d 92 5d 39 77 eb 42 ea 15 ce 46 42 00 de 60 7d 2f c1 dd a4 04 3f db 84 16 af cd 75 1e d2 2d 7a 5f db 32 8a 09 b8 b7 8a a0 ba 59 cf 3c 8e 3d 65 83 bb b7 fb 0b 78 b0 ac 6f 91 43 b3 22 81 6d 98 8d ae 28 f8 e4 ca e2 01 45 81 d5 65 5f 0e 97 Data Ascii: 5W+v=}\_mX#Jl%fHwmDXx(2]9IC;EEg5vY0T_Rc+d(\|B{6?;29T_e(YNqLQbI}Y4+sj(}]9wBFB`}/?u-z_2Y<=exoC"m(Ee_
2024-07-18 19:38:21 UTC	16384	IN	Data Raw: b1 47 24 6f e2 ca 38 00 13 9c 4b 9a 9b a7 b4 3d 73 5f 53 cd 4e d9 11 9c 90 3b 62 bb 87 59 a7 27 9a 00 14 90 7d ac 83 eb 35 dc c7 9d 67 28 e0 07 3e ff 31 7c ec 7d 5a 82 3f 85 d2 cd ed a9 54 be 3d 01 9e 38 0a 54 ca cf 2c 75 87 cb 15 ca c2 11 10 e2 2d df fb 88 c2 2c c3 95 40 1d a1 8a e7 b2 e9 4d 60 b5 48 79 1b 4a 50 94 b1 19 6d 4e cd 92 e2 9d eb a0 b4 af 14 f2 6f 40 40 3f d5 b9 71 5a a5 d8 a9 9d cc 73 8a 08 ab 12 4a 7a a5 39 98 0a 9e e9 0c 6c d5 26 13 a4 e6 ee 07 69 0b e5 cc d1 6f a0 dc ea 2c 04 6f 96 50 fe 23 af 50 fc 86 9b e0 03 94 0b ee 59 96 9f 8a bd a6 95 a5 ec c2 9c dc 98 bf 6f 65 15 cb e2 f7 d1 9c b7 9e 5a 0c e2 50 c7 ad 13 90 37 48 06 67 ec 60 f7 cf 3f 77 6d 21 0f 79 9c c0 ec e4 a0 53 e1 74 d4 2b 13 ea ee 3d 01 3e 72 2b e2 eb 8a 55 44 9e 54 d7 6a d6 Data Ascii: G$o8K=s_SN;bY'}5g(>1\|}Z?T=8T,u-,@M`HyJPmNo@@?qZsJz9l&io,oP#PYoeZP7Hg`?wm!ySt+=>r+UDTj
2024-07-18 19:38:21 UTC	16384	IN	Data Raw: a1 93 3d fc 5a b0 ce 0d a6 1f c8 7c 88 bd 9d f6 60 ae ce 72 c3 60 97 74 05 eb 87 32 4a 35 41 04 7e a3 0e 32 85 b6 da cf b0 6a 5c a2 63 23 0e 49 86 d0 41 2d 8f 1d 49 cb 9b d0 52 82 ac 32 f4 22 70 d2 31 93 e4 10 7f 0c 9c 68 0c 94 ea 87 39 47 d8 1b 29 19 95 58 3c f9 78 ea cf 60 d6 b9 bd a2 a7 24 b8 a4 46 4d bd c5 34 2a 8e 02 3c 8d f5 b6 d5 20 d4 50 11 28 a9 fb 5f e7 b0 be d0 5f 60 a0 7e ef 9b 1e 72 c6 5f b3 99 c9 ce 62 8e 5a 4e 2a d8 b7 b6 21 ad 9f 75 ce f9 82 80 5c 4e 93 2e 2d 42 e3 aa d7 f8 6d 18 e6 c3 d6 ef f0 65 4e 74 21 e7 24 56 d8 6c 0c 56 b3 10 47 c7 2b 44 5b 82 bf 3c a4 af 88 6f 1a 72 e6 c2 54 67 e9 57 c7 c3 39 dd 83 c5 02 ae b2 c1 f4 d5 3f 1f 51 73 b5 a4 7f 73 1f 30 31 c5 56 7a ff 47 c2 06 ae 37 5e a0 fc 3c 31 e4 a8 d9 aa ba e4 92 4c f7 ef 71 2e f1 Data Ascii: =Z\|`r`t2J5A~2j\c#IA-IR2"p1h9G)X<x`$FM4< P(__`~r_bZN!u\N.-BmeNt!$VlVG+D[<orTgW9?Qss01VzG7^<1Lq.
2024-07-18 19:38:21 UTC	16384	IN	Data Raw: e5 41 85 76 3c ee 5c 57 ef 96 cd 05 84 bb 64 80 38 2c 47 a5 4f 82 18 aa 1f b4 b2 f5 7e 89 69 bb c9 fb e3 f4 aa b8 f9 c5 3d 14 f0 e2 9c 95 d8 a0 92 bd 5e a3 f4 28 47 bc 91 4e 02 d7 b1 b9 23 71 0c ca 54 30 10 87 7f f2 51 84 3c 17 36 02 36 1a b4 a8 7f 05 85 a5 46 99 90 e0 b9 cb c6 d6 04 ff 21 ae 94 7e 84 fb 49 33 3e a6 d6 c8 8a d7 6e b1 5b 47 a4 2c 0a 04 48 7a 20 ef f8 2f d3 b0 99 7f 9e 32 0b dd b4 2f 05 63 b0 74 87 a0 de 33 96 43 d3 01 a5 bc a5 4e 14 c9 2d 64 76 ab 54 be 48 ba 84 b5 68 8e e7 1e 52 dd bd 77 1a f2 86 49 37 70 c4 c5 10 b8 26 df 05 5a d2 b6 7e 28 bb c5 f0 09 6a 00 b7 50 18 a5 39 dd b7 7c 60 52 45 a8 8c a0 7c 82 d0 89 3f 24 7e c8 fb 75 dd ae 32 2f 4d 5b 1e 6f e4 4e 44 21 95 1f 63 50 09 9f 61 44 5d d6 ac 53 61 7f a3 12 ae 6d c6 9a 18 8b c2 3e 72 Data Ascii: Av<\Wd8,GO~i=^(GN#qT0Q<66F!~I3>n[G,Hz /2/ct3CN-dvTHhRwI7p&Z~(jP9\|`RE\|?$~u2/M[oND!cPaD]Sam>r

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:38:43 UTC	142	OUT	GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.1.2 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:38:43 UTC	628	IN	HTTP/1.1 200 OK Content-Type: application/x-zip-compressed Content-Length: 527389 Connection: close Date: Thu, 18 Jul 2024 16:36:17 GMT Last-Modified: Tue, 26 Mar 2024 13:11:30 GMT ETag: "f68008b70822bd28c82d13a289deb418" x-amz-server-side-encryption: AES256 x-amz-meta-cb-modifiedtime: Tue, 26 Mar 2024 13:10:42 GMT x-amz-version-id: 7sn0EuMWH3aYiKrbA4lOPgyoNDAU9iIf Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 4d3c039385e1d4ab0e1d024dacb2fd62.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG53-C1 X-Amz-Cf-Id: ppAmZxfMiSnZqMRzgrxLm8lorqEECe9OaNwjS4Kbgh60ymejiRep4Q== Age: 10947
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 9b 5c 7a 58 1c 99 c3 c5 a9 0b 08 00 80 11 12 00 09 00 00 00 73 61 42 53 49 2e 65 78 65 e4 5a 7f 70 54 d7 75 be 2b 69 a5 d5 8f 65 57 20 63 d9 c8 f1 da 26 8e 9a c1 92 6c a1 09 13 8b c9 82 59 5b 06 01 8b 2d 40 60 01 c2 08 f1 90 65 90 b1 b0 e5 16 3b 72 05 54 ab 95 1c 4d 4a 33 b4 61 dc 5d ad dc 68 3a 9a 56 46 3f d8 75 15 b3 c4 54 12 1d 1c 2b ad 9a 28 29 d3 ca 89 3b f3 1c d4 76 93 12 5b 76 15 d4 f3 9d fb f6 bd dd d5 92 e0 bf b3 03 f7 5d 9d f7 9d ef 9e 73 ee bd e7 fe d8 dd bc bb 5b a4 0a 21 d2 e8 ff c2 82 10 41 21 3f 4e f1 fb 3f 25 26 21 96 dc fb ce 12 31 94 f9 fe 7d 41 53 e5 fb f7 55 29 87 5f 74 34 1d 3b 7a e8 d8 fe e7 1d 07 f6 1f 39 72 b4 d9 f1 ec 41 c7 b1 e3 47 1c 87 8f 38 36 6c 7d da f1 fc d1 ba 83 45 56 6b d6 4a 8d e3 11 db 87 Data Ascii: PK\zXsaBSI.exeZpTu+ieW c&lY[-@`e;rTMJ3a]h:VF?uT+();v[v]s[!A!?N?%&!1}ASU)_t4;z9rAG86l}EVkJ
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: d4 86 29 b5 21 4a 6d 20 dd dc 3f cd bc a4 c3 4c 4d cb 4b 26 b6 e9 52 33 78 49 ff 71 23 35 c9 4b 06 78 6a cd 94 5a 13 a5 16 48 b7 3c 4c 33 2f 59 bc 4d a6 a6 e5 25 67 68 53 33 78 c9 3b 8f 19 a9 49 5e 32 cc 53 eb a5 d4 7a 28 b5 70 ba 15 64 9a 79 c9 eb 7b 65 6a 7b 1c 9a d4 ca 7a 75 a9 19 bc e4 da 01 23 b5 f4 bc e4 90 e4 25 87 38 2f 39 2c 79 c9 84 e0 25 4f 1d 4b cf 4b 36 6e c5 1b 5b 2c 42 ff b2 35 cd 22 f4 e7 37 31 8d fb 3f 9f 99 81 97 cc f1 08 5e 32 b6 d1 d8 1d 66 67 3a 73 d9 8f e4 a7 5b 52 79 49 57 a7 b1 1d 8c ab bc b8 ea 95 2d 13 f3 92 0b 3d 82 97 6c 31 6c 7d b0 bd 1e b6 2b b6 68 f7 63 06 b7 f2 e5 8c 78 c9 80 47 f0 92 8d 78 12 e0 3d 9d c2 4b 26 3a b1 e3 0b c9 79 5b d0 20 b6 fd 12 85 97 f4 75 19 54 83 07 fb 25 4d 30 b9 62 8b 6d bf 64 11 f9 27 5e 32 2c 9f e7 Data Ascii: )!Jm ?LMK&R3xIq#5KxjZH<L3/YM%ghS3x;I^2Sz(pdy{ej{zu#%8/9,y%OKK6n[,B5"71?^2fg:s[RyIW-=l1l}+hcxGx=K&:y[ uT%M0bmd'^2,
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: be cb 8f ff db b1 fd 37 c7 f5 ff ed c1 e3 9f fc 7f 35 fe cd 38 fe df bf cc f8 ef 55 c7 ff 6d 65 fc c7 c5 8f 7f 91 9a 74 6a 6e 34 36 6b 16 71 58 31 9b 20 e8 85 96 62 57 65 0d aa 33 c0 78 40 4c cd 72 d1 94 71 c0 23 e1 a7 cd 15 12 13 3d 21 d1 1c 12 8d 85 c5 54 07 fa 22 79 c6 86 7e 02 ff de 34 d2 0c 7c 2f bd 8d ea 27 28 4e e9 c4 18 7a cb a8 9f 8e d8 fe d3 24 4c 57 d5 80 db f8 ab 2c 92 63 37 62 fa 08 a8 67 a0 3f b1 2d ed f8 e3 42 3d 4a 88 64 b5 65 62 8f bd 47 34 60 82 d0 d6 a0 9e e4 25 92 02 ab c7 ed 42 cb d6 1f 31 ae 0b 24 e3 56 c9 b9 77 c3 25 2e 09 04 ca d9 67 4c 66 a7 d5 94 dc 68 9a 9f b0 b5 17 f3 44 df 95 50 0d df ab d2 64 47 1b 2c 5f 67 4c 63 8c 36 ba a4 1e 40 73 b4 bd b5 f5 29 0d f7 0b dc 5b d4 f4 97 f6 94 a6 ff 68 f8 b9 c8 71 18 1f e9 dc ab 03 e9 d6 df Data Ascii: 758Umetjn46kqX1 bWe3x@Lrq#=!T"y~4\|/'(Nz$LW,c7bg?-B=JdebG4`%B1$Vw%.gLfhDPdG,_gLc6@s)[hq
2024-07-18 19:38:43 UTC	15289	IN	Data Raw: 2c 4f 70 8b 5b 6b f0 7c b9 b7 3e e8 ed 54 4e c9 3b 32 13 c7 fb fc 8b b1 ac e3 dd 05 31 10 01 6b c2 f8 f7 5c 88 7f 31 93 2b f7 f3 9a e9 41 aa 58 58 7e 2b eb 59 bd d2 eb 57 b0 b6 5f b4 b8 cc ea 37 56 7a 9a ff fc 44 38 00 85 8e b7 ac b0 1c 87 01 b6 7c 27 4a 69 91 96 36 a0 44 7d 5c 61 97 40 5e ef d5 6c fd dd 78 6e 5a b3 95 b8 f9 86 ad a1 e5 ef 1c 56 07 8b 40 84 51 26 64 e5 ba ec d4 44 84 b7 49 c4 08 c0 ed e0 f2 46 21 2c 53 ba b9 1e c0 63 33 15 2c 19 97 71 48 5e fe 10 58 dc 22 f6 b8 23 e3 a4 bc b4 08 ae 65 2f 4e 00 58 ed 70 31 db c7 76 3a f7 38 6b b0 58 22 9d a0 3d e4 dd 23 67 1c 78 c2 c6 0e e8 10 0e cd 19 c7 9e 48 f8 38 68 40 38 88 9c 7b ec d9 5b a3 af a7 f7 f4 58 41 c7 d3 de 4a e1 cb e6 0a ba 0b e5 72 ea 4d de 23 1d 6a 96 b9 82 4e 17 bf 33 2a 6b 80 71 7b 71 Data Ascii: ,Op[k\|>TN;21k\1+AXX~+YW_7VzD8\|'Ji6D}\a@^lxnZV@Q&dDIF!,Sc3,qH^X"#e/NXp1v:8kX"=#gxH8h@8{[XAJrM#jN3*kq{q
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: 21 ce 56 99 4a fa 6b 14 e3 1d 9e 45 4c a8 0a f6 ed eb c4 63 51 e8 dc fd 9d 02 8e 42 37 d4 10 0d df a9 38 cf 20 df 29 b3 ec c7 f3 38 02 44 56 23 3c 95 9f 69 64 d7 c3 84 ca c5 1e 1e 00 cd e0 e6 06 bd 1d ff f7 71 15 30 63 28 62 a3 32 a1 26 49 46 fb 2a ca 73 57 68 8a 51 e1 1e 01 57 aa ba b9 bf 42 14 2f 63 a8 44 ad b1 d7 e8 0d 6c 92 43 25 61 8a ad 19 59 2b db cd fc 58 bc ca e4 6b 4c 75 4d 37 ea 6f a7 fa b1 3b 36 21 43 48 ad 08 85 62 62 b7 e1 de c2 74 86 6b cc de 5c 98 a6 78 32 5c ba c0 12 a6 28 f3 49 77 1f f9 6d 71 70 d4 06 9a d0 60 c9 5d f2 2a fa ba 73 74 d6 ae ac c6 f0 6d 82 0e 34 57 cd b3 b3 21 00 b7 94 d6 da bd 79 08 f7 9a 28 b8 b7 56 ae fe 03 f4 f7 a4 df 45 81 b6 7c 1f d0 16 41 8c d8 3a 98 58 42 af c6 b0 05 d1 af 9c 3d 4f 10 8c ac bd a0 13 f9 db 17 18 ea Data Ascii: !VJkELcQB78 )8DV#<idq0c(b2&IFsWhQWB/cDlC%aY+XkLuM7o;6!CHbbtk\x2\(Iwmqp`]stm4W!y(VE\|A:XB=O
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: c6 8b 54 9d 8e 99 ae c1 aa dd a1 aa 17 a5 0e 50 f5 df 2b f5 aa a3 79 d5 b6 0e 5c 3d 63 96 1e 55 d7 be 30 70 d5 e3 b1 ea bf 5e 1f d0 0a ae bd 15 fd fa f4 53 6b 66 a8 d6 0d 87 a8 56 b1 f3 3e b6 f1 a5 c8 2a 47 5c a4 ca 71 58 65 7a a8 4a ef 2d 03 54 b9 df ad 57 79 25 af 32 96 0f 1b a1 11 03 26 ff b7 6a a6 35 1b 91 cd d4 79 38 32 d8 45 67 bb 6d 7c 1e fe d8 63 da 6c d7 8b 4c c8 e5 1a 96 a5 2e 3b 11 db 6e 6c 0b 15 7e e8 52 0a f7 f0 c2 27 f2 c2 55 9e ac 23 f1 1a ee 99 8d 6e 80 60 45 2f 46 a2 f1 f0 73 03 a3 11 3d a8 b3 8f ae 03 a2 a9 fb 40 27 9a 89 e3 03 fd 13 cd f2 25 3a 2e 8f 1d 0c 1b 7e 07 85 0f bf f1 b7 68 b8 ec cb 5f dc ba 96 0e f2 f5 f4 e4 0b 91 22 fc ea 3e 81 0d 89 f0 38 04 36 0b 81 ad 0d 89 f0 f5 d7 f5 0d 2c 45 1e a9 e0 f2 fd 47 07 03 ba 0f 16 1c 99 eb 78 Data Ascii: TP+y\=cU0p^SkfV>*G\qXezJ-TWy%2&j5y82Egm\|clL.;nl~R'U#n`E/Fs=@'%:.~h_">86,EGx
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: 9f ca f1 69 e8 3b 17 42 a7 bc 85 82 1e 0a a6 c3 ff 19 78 16 74 d1 3f 4d e4 49 1b 93 1a fb fc d5 7f e1 8e 78 54 67 94 c6 c8 b9 ad 53 3d b7 65 8a df fc 68 f6 39 4c 43 ef 7c e6 64 df fb e2 6a 0b e7 e7 ed 9f af ca 10 77 26 2b 33 8b 7c 1d 5a 8c b0 f0 29 a4 8c ad f6 dd 2e 78 f5 20 42 b6 c3 2e 15 c7 70 b9 4b 59 a8 8e 97 37 d6 ba 04 5a 77 25 cc c0 10 93 8d fc 21 b1 01 55 7c e8 99 b3 b5 4f 5f 20 ee c4 40 16 a6 4d a8 06 72 d5 24 97 87 26 0e 60 fb dd 20 dd 2f 28 2d 8f 00 7b 5b 2c b0 d9 98 a1 82 69 51 c1 1c 0f e0 58 86 01 98 8c 00 4a 96 32 06 86 83 7e 89 3a 97 21 7f c8 cb 24 e5 20 41 39 bc 02 98 5e f8 44 d9 77 b8 bd ed c5 e3 1f 68 94 15 cb 78 18 86 67 36 3d 82 2e f0 9f 09 07 61 b9 69 b3 52 b2 9d 76 1a 04 96 c8 8b 18 62 8a a0 37 fc cd a4 68 1b cf da 26 b0 ac 6d 11 07 Data Ascii: i;Bxt?MIxTgS=eh9LC\|djw&+3\|Z).x B.pKY7Zw%!U\|O_ @Mr$&` /(-{[,iQXJ2~:!$ A9^Dwhxg6=.aiRvb7h&m
2024-07-18 19:38:43 UTC	14808	IN	Data Raw: 58 b8 92 49 66 1b 23 a6 04 e5 82 19 88 22 28 0a ba 81 6f d6 97 17 e2 1d c5 f6 52 5d 19 ae 04 3a 00 2d ca 84 17 ab 95 f9 a1 2c 36 d2 ac 4c 5e d2 b4 f6 bf 1a 69 f7 bf 3e e4 fc 26 eb 8b b5 93 cd 1b f9 7d 06 f9 e3 c5 fa e4 49 36 af 08 d0 ca 63 23 41 50 3c d1 a4 be d8 e4 35 2b 5d 56 bf a6 f8 cf 07 fc ff fb 3a d0 b3 07 df c3 50 83 c7 2d 1f 90 43 7e 71 42 ee a1 43 3e 91 13 03 63 ed 8c 0b 3a 71 73 e6 36 c8 c1 8d 8b 71 b5 10 3e a8 af 17 b1 72 e7 c4 66 50 00 3e 9e d4 6f 33 24 e0 1c 63 48 a7 40 8f d6 07 8a 41 18 82 c8 b1 05 e1 8a 02 fe 5f 93 ec 25 74 c1 b2 30 c3 16 8b 69 b3 bc 80 ad c9 8f 98 c1 ab 16 7c e5 c2 f2 42 c0 64 49 3c 2a f7 5d 10 15 c2 1f fd 1d a8 93 ad 24 7f 45 ac 8e 84 65 9e c5 54 87 e0 c1 85 f6 2a 49 35 6f 61 62 95 24 ba 24 ce c1 8b f3 6f 59 29 10 75 48 Data Ascii: XIf#"(oR]:-,6L^i>&}I6c#AP<5+]V:P-C~qBC>c:qs6q>rfP>o3$cH@A_%t0i\|BdI<]$EeTI5oab$$oY)uH
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: 27 5a 51 80 48 86 d7 ca d2 c2 d0 d8 d4 21 7f e5 aa c4 21 6f 1f 90 0f 64 95 4a f5 fc 85 ef f4 9b 81 11 52 4e 3d ff dd 77 52 fc fd 9b 9e 88 8d c7 b4 c7 cb d1 d3 8f 67 a9 ff 2a a1 bf 2d a7 e4 0d 76 16 ef de 1d c3 7a d5 9d f3 32 8c 15 78 a9 dd 87 59 99 6d ea ce 68 66 1b 3b 87 db 05 3e c2 c5 01 8f 8b ed d1 47 02 c1 96 e3 95 39 ba 8b 55 e5 8a f3 8d ac 84 8c 7a a9 e4 18 9b fc 18 24 17 30 d0 cb 15 d0 7f a6 96 3b 43 d3 d9 08 16 8d c5 4b 1f 59 03 b6 e3 15 35 91 37 82 79 35 0c 26 40 b7 37 23 a4 e2 6e f9 26 19 5e 86 de 2b 69 ea ca a2 fd ef 80 d0 58 0c 6c f5 1e 5b 81 f3 e6 8e 92 64 db 9c 1c e3 4c cb d5 f3 93 0e 0b 5b 59 82 50 1b 1e 88 0f da 6f cf cf 18 e0 41 f5 f2 df e5 c6 09 ef fa 3a 52 c4 82 77 01 df b5 a4 e5 bb 7b 46 db 7c a7 02 49 14 3b 70 ee ba f3 c8 7a 2b ff c9 Data Ascii: 'ZQH!!odJRN=wRg*-vz2xYmhf;>G9Uz$0;CKY57y5&@7#n&^+iXl[dL[YPoA:Rw{F\|I;pz+
2024-07-18 19:38:43 UTC	16384	IN	Data Raw: 8d 07 f9 6c fa f8 68 1a 2b 19 18 ef 92 5d 37 c3 b3 8b 27 79 ec 4a b6 8f e0 ca aa 49 db e1 d5 ed d1 e2 8f 9d d0 e2 8f 4d dd 68 d4 39 f9 4f 2d 02 d8 92 83 c6 60 fa 1c 07 7d 85 1d 4a a7 a1 bd 2d 1e 08 9b 79 8a 83 56 a0 cd 27 f3 a0 93 8c a1 15 d9 e2 92 af b5 36 a2 01 d2 f0 88 ca a5 7f 41 be cd 7a 94 49 52 b5 ac 71 e6 4b a9 3f 42 3f 3b c5 30 a8 7e d6 63 e6 e1 c8 60 f5 66 7d 82 75 76 67 07 b6 0d f6 ba 67 b5 5d 47 f9 1b 8c 7b 44 46 38 73 06 83 c0 09 95 78 b7 75 12 7e 94 04 de 4a 6f cf 53 42 25 7a 35 d6 e2 b3 61 ff d7 1b b5 2d e3 0c 18 6a df be b3 41 7d 8c 82 af 3c 4c 5a 46 1d ec a2 b5 84 83 3d 39 7e 5f fb 59 ae a4 71 90 3a 85 e5 73 d0 db 7f 89 aa 18 7c af 41 c1 a2 eb 2e 5e d4 ef db 7c 36 b8 57 aa d5 de 30 da a6 6f 8f 06 62 d0 f8 6b 58 8e d2 eb 11 2a be d6 98 19 Data Ascii: lh+]7'yJIMh9O-`}J-yV'6AzIRqK?B?;0~c`f}uvgg]G{DF8sxu~JoSB%z5a-jA}<LZF=9~_Yq:s\|A.^\|6W0obkX*

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Bitcoin Miner

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\BitComet\BitComet.url

C:\Program Files\BitComet\ChangeLog.txt

C:\Program Files\BitComet\CrashReport.exe

C:\Program Files\BitComet\License.txt

Windows Analysis Report
SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:38:44 UTC	136	OUT	GET /f/AVG_AV/files/1319/avg.zip HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.1.2 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:38:45 UTC	545	IN	HTTP/1.1 200 OK Content-Type: application/zip Content-Length: 125405 Connection: close Date: Thu, 18 Jul 2024 19:38:46 GMT Last-Modified: Tue, 17 Oct 2023 08:25:24 GMT ETag: "56b0d3e1b154ae65682c167d25ec94a6" x-amz-server-side-encryption: AES256 x-amz-version-id: 7L8o.GLX1Vn.tHqh_TFMmsecTIZweR8e Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 b59465a36dda3b4ec573f7a87861306c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG53-C1 X-Amz-Cf-Id: oVcXlrXhg-Uq9tTZ7o8-Eeuhi2fk5pOiR6jiFtMwpTSl0pQOKBfjfg==
2024-07-18 19:38:45 UTC	15345	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 c5 58 51 57 d0 61 0b d8 1f e9 01 00 b8 95 03 00 1c 00 00 00 61 76 67 5f 61 6e 74 69 76 69 72 75 73 5f 66 72 65 65 5f 73 65 74 75 70 2e 65 78 65 e4 5d 7f 7c 54 47 11 7f 97 1c c9 95 1e bc a3 4d 6a da 52 48 2d 56 ea d1 36 10 40 e8 01 0d 81 03 5a 09 bd 10 b8 a0 25 40 2d 8d e7 89 1a 93 3b 40 4b 28 e9 e5 2c cf c7 53 54 50 54 aa 54 ea 47 54 d4 a8 89 a4 48 e8 25 c1 fc 2a 42 42 51 d2 82 36 5a d4 97 26 da b4 a4 e1 80 34 e7 77 66 df fd 08 bf ac 1f fd 4f 5a ee ed db 9d 9d 9d 9d 99 dd 99 9d dd 7d e4 7d 6c bb 94 2c 49 92 19 7f 23 11 49 aa 95 c4 9f 1c e9 df ff c9 34 49 d2 e8 f1 07 47 4b d5 37 fc ee ce 5a d3 e2 df dd b9 cc f3 c9 b2 cc 92 d2 cf 7e a2 f4 b1 4f 67 3e fe d8 67 3e f3 59 5f e6 c7 9f c8 2c f5 7f 26 f3 93 9f c9 9c ff 48 41 e6 a7 3f Data Ascii: PKXQWaavg_antivirus_free_setup.exe]\|TGMjRH-V6@Z%@-;@K(,STPTTGTH%*BBQ6Z&4wfOZ}}l,I#I4IGK7Z~Og>g>Y_,&HA?
2024-07-18 19:38:45 UTC	473	IN	Data Raw: aa 3e a1 da f4 72 6d 36 e9 b5 11 33 3f 56 fd cd d8 43 b3 d4 b6 7d 15 1b f8 3b 7b a4 cf fc 44 e5 30 75 b8 5f 68 f5 10 37 02 0f 5f 91 a1 01 3d f8 fe 91 9f 8c 47 7d 0a 4c 68 71 07 29 59 bb 83 44 37 92 c4 07 75 d2 b2 2b f9 36 94 a1 e4 d9 43 f9 76 dc 91 90 b7 91 e2 f9 8b 00 45 c0 45 77 77 fc fd e1 c5 56 fc c5 00 82 bd 6a 91 7a 1f 08 88 a1 51 e9 37 8b 1f 03 31 86 39 70 87 16 db 69 e5 18 68 4d a2 32 e8 72 f2 df c2 bc 64 10 a5 91 eb e4 12 a7 5d 22 50 cc 2c 11 88 f6 ef ca ef c0 85 73 ac ad 66 c6 2c 1e ab e3 28 c3 bf 78 f7 91 aa eb 8c f7 91 9c 5e f1 e3 b0 f1 3e 92 b4 bf 6d 8c da df 62 56 0e eb 5f d0 86 1b 1c 45 65 36 8f ea d7 19 9e 68 41 a9 26 65 28 34 e3 3a d9 85 db 00 a5 4a 19 e2 52 1f bc 97 48 e0 19 b3 68 58 c2 7d 66 93 b0 3c 65 43 54 f6 99 37 1d b5 d2 24 5a bc Data Ascii: >rm63?VC};{D0u_h7_=G}Lhq)YD7u+6CvEEwwVjzQ719pihM2rd]"P,sf,(x^>mbV_Ee6hA&e(4:JRHhX}f<eCT7$Z
2024-07-18 19:38:45 UTC	16384	IN	Data Raw: 52 61 09 80 f1 8f 5f bf 5c aa fa 3c aa e9 af f1 83 2a 15 93 90 a9 e1 ab d8 b1 ac c2 25 03 e9 4f 47 34 6d 51 e9 9e 96 6b 68 c9 93 42 19 d0 5b f2 a4 47 4c 18 4c b1 af f4 0e 86 df a1 f2 cf 8a 29 de d2 bb 11 c3 4c 08 0f a5 57 72 3d f2 db f3 70 63 49 f3 6c fc 06 d5 b7 48 0e 58 4c 80 46 fc 45 9d 03 95 03 26 00 13 35 ea fd 32 98 f2 20 1c 7b 5f 4f 79 59 bd ae 27 3d 91 b7 e6 5a e5 c3 46 8f 8c fe 8a 72 79 2d 6f 2d 9e ea 95 ba fc 2b 49 f3 de ea c8 6b f2 88 b7 42 d1 2b 75 cb a2 57 ea 46 f8 c4 21 a4 b0 1f 9e 50 ae 55 b1 e0 e6 45 ae 0d ed e8 55 32 a9 39 f1 43 bf dd 05 c4 74 d5 ce 2b ae fd 25 01 a7 e1 1e 07 a0 57 96 68 17 82 f7 ec 45 77 9b 0f 9a 24 3f a9 31 f0 13 39 df 7b a3 f3 dd 3b e4 ea 36 d8 07 7c 8f 99 d5 56 41 77 25 79 84 db 8e f8 24 44 99 65 94 0d 1d 2a b2 11 69 Data Ascii: Ra_\<%OG4mQkhB[GLL)LWr=pcIlHXLFE&52 {_OyY'=ZFry-o-+IkB+uWF!PUEU29Ct+%WhEw$?19{;6\|VAw%y$Dei
2024-07-18 19:38:45 UTC	16384	IN	Data Raw: 0e 02 d9 7b d3 b3 f1 f4 b6 0e a5 47 78 8d 30 55 1e 60 5f 8d c6 83 0d 0c 23 e3 37 df 48 00 1b 86 e2 8f 08 ff 2e 0f 6f 78 3f fc d7 46 79 f0 25 f0 a3 5c e1 42 b3 34 7e f6 71 94 82 2e 55 2a 93 52 e8 56 a5 75 89 bc 50 71 8c 98 fc c2 4b 7b 80 95 91 e6 54 55 cf 5e 12 02 ee f1 b3 6d 60 15 3e 77 51 78 0d 85 67 ef 33 c3 2b 28 7c 1f 5d 18 db c5 af d1 5f e1 af ba ff d7 10 72 3e 0b 79 8e 9b cb a2 9d fb 5c 14 94 88 a0 e8 54 38 39 c0 e3 04 d0 11 03 f0 0e 8f 7b 94 82 9e 88 05 4d a7 a0 3f 23 bd 7d 33 c8 75 9c 5c d9 e4 ea 20 d7 2c 72 b5 92 6b 0e b9 7e 4d ae 4c 72 3d 46 ae 79 e4 fa 21 b9 3c e4 fa 0e b9 32 c8 f5 15 6e 07 2e 10 b2 b1 9f 43 74 9c 9d 4a 26 ee c5 75 9b e1 bc 6b 0b 31 27 58 07 7c 70 c9 6e 22 b7 4f 41 7d 0d 4a 79 9b 8e bf ca ae c4 ca 5a e5 1d 93 6f 61 0d 0e 40 ff Data Ascii: {Gx0U`_#7H.ox?Fy%\B4~q.U*RVuPqK{TU^m`>wQxg3+(\|]_r>y\T89{M?#}3u\ ,rk~MLr=Fy!<2n.CtJ&uk1'X\|pn"OA}JyZoa@
2024-07-18 19:38:45 UTC	2048	IN	Data Raw: c8 8c cb ff 2d 95 ba 1b 54 a5 4d 93 90 3a bf 2a ef 1a df 80 77 72 25 9e f8 28 e7 02 a1 cf 82 f1 04 df 68 1e f7 7d 13 22 05 d8 64 c4 c2 16 80 fd fe c2 10 1a de c3 b4 d4 62 54 0e f7 e3 99 68 04 da d4 22 7f 84 ca 50 3b ae 42 4a d9 c6 ab 35 89 aa e5 9b 90 57 d1 ef b3 89 d4 26 9e 1a 00 8f af c5 14 44 47 a2 49 f8 02 29 34 fd 1b 6d 3f 97 e0 13 aa 0e ba 75 c8 8c ed 3f 6e c3 af 1f c6 c7 f9 6b 68 ae cf f3 f8 f7 e2 ac 23 df ac 1d 03 72 9a b3 13 c2 b7 7f 2a 49 83 cf e8 ec 61 e7 d9 75 94 64 82 2a 5d 03 27 6f 6c e3 55 18 0a b2 86 f0 cf b1 42 35 b6 9d 0c 1e e9 12 67 e7 88 fd 34 8f f5 93 d1 66 32 0c e4 f6 b0 31 b9 62 fb 94 2d 28 42 bb ca cd 72 0c dc a1 94 78 bf c8 b5 83 52 6f 3d 81 1f 76 7a 17 4e 9c 90 17 0c a1 b1 48 e2 66 4d f4 50 88 27 13 c5 4a d0 3c 9a 6b dd 6e 8f fd Data Ascii: -TM:wr%(h}"dbTh"P;BJ5W&DGI)4m?u?nkh#rIaud*]'olUB5g4f21b-(BrxRo=vzNHfMP'J<kn
2024-07-18 19:38:45 UTC	16384	IN	Data Raw: c8 37 95 8e 7b 7e 46 6f 9c 4f a9 03 09 6c e5 ee f0 b5 7f 7c 90 eb 70 5d 4c 4a 03 48 97 c4 56 20 0d 2c 72 5a d8 8d 3c 31 46 8f 6f e9 dd b4 5f de 09 93 64 ec 7a 0b f9 85 a0 c4 97 62 b3 8c 75 ed 9c a8 1b b3 0c 6f 99 bd a4 18 af df be 10 8c 88 f4 50 de 89 de c3 8e 7d 2b 06 ce 38 0b d3 20 ad b7 77 57 58 5a 0f b7 b9 05 74 95 f2 e0 66 9f 52 c6 56 2d a0 db c7 20 8e 99 10 b4 10 d3 40 25 d8 b2 20 72 f3 1f eb 1c 5e 3b 3a 7b 40 95 9c 6e b2 9a 70 e2 41 8e 1e f0 2b 7d bc 1d 8c d1 42 d7 2a 59 20 b1 e3 db 4d 18 d9 5d e1 1e 18 8b b9 16 b5 82 d1 2c 5d 07 57 32 0d ba 42 d5 c7 64 00 23 a5 29 99 7d 89 92 4f d6 f6 c2 fa 45 2f 5b 82 4e 27 e3 79 de 71 ec 21 ea ff 33 96 d5 e4 ff 10 46 77 c6 b3 df 7e 3c 2c 8c 00 24 c2 08 80 d7 58 4d ce 4b bd 66 f6 c1 ab bc 6e 08 1d c2 24 0d 77 ca Data Ascii: 7{~FoOl\|p]LJHV ,rZ<1Fo_dzbuoP}+8 wWXZtfRV- @% r^;:{@npA+}B*Y M],]W2Bd#)}OE/[N'yq!3Fw~<,$XMKfn$w
2024-07-18 19:38:46 UTC	16384	IN	Data Raw: 25 2e a3 a0 d3 ef 58 29 19 81 6d cd 7d 5a be 06 4f cd f3 d7 04 76 5b 0d 3a 0f 74 4d 09 40 20 45 35 98 37 b5 06 27 c4 49 62 33 9f cd bd 48 97 35 79 53 85 47 32 52 63 b4 02 4d e7 18 cd fe 72 b2 bd 3b 98 ce 50 3d 84 87 a6 f8 75 27 e2 72 6c 6e b3 18 5b fd 6f d3 fc f1 e7 ad fe 83 48 d4 f2 b6 18 ad f0 c7 fd 36 d8 73 8a ef 1b ec ad 24 1b e9 c0 49 8c b3 55 54 9d 87 5c 03 63 ae 18 74 57 0c 2b 6a b6 6c d9 82 29 2b 44 cc c7 51 29 54 e4 a0 2c d7 14 58 c3 f4 93 56 4e b7 97 dd 1c 38 4b 86 58 46 e2 78 39 5c c9 96 10 71 45 15 e5 61 a2 e4 70 e6 3d 42 eb 51 34 aa 2b 1b 20 77 93 22 19 71 77 22 0e 84 93 1f af b7 28 83 63 ea ec 5f 82 29 7e 4e f7 ca b1 a2 c7 cc 61 29 bb 3e 25 19 67 04 db 4b 77 93 6d 22 e0 c3 f7 b4 65 22 bb fe a5 79 0a af 90 c8 d2 12 9e 25 8d ed 56 a6 f5 c9 24 Data Ascii: %.X)m}ZOv[:tM@ E57'Ib3H5ySG2RcMr;P=u'rln[oH6s$IUT\ctW+jl)+DQ)T,XVN8KXFx9\qEap=BQ4+ w"qw"(c_)~Na)>%gKwm"e"y%V$
2024-07-18 19:38:46 UTC	16384	IN	Data Raw: 15 cf f4 4d 32 35 bf fd fc d5 04 ff 8c fc 3b 1d 9d 26 27 84 3f ec d2 e1 c7 a2 9f e6 d5 a9 d7 30 79 61 78 5a 41 bd d6 b1 01 0d ad fc 6a cd 9a 50 da c2 eb c3 ee f7 8f 5c fc 4b 61 a7 2f 82 02 c3 1f 9d d5 d9 cd 3e 5c 64 65 f7 ed a4 bf 2d 19 b2 5f bd 2f 6e c3 f9 8b 33 af 7c df a5 48 9d 54 b1 f0 cb a5 a5 0d c7 7d bd 67 ae 97 95 b8 03 1a de ee 36 f1 e0 ca b6 8d 1f d6 52 f5 fb e9 e4 ba 0f 33 3f 68 b5 6b ed b4 51 6b 4a 3b 1a 1d bb 4e 09 59 b1 ab a8 e1 de 82 88 ce e1 47 36 77 59 59 fc f9 d3 4d 19 9d 5b 84 77 e8 7c bc 61 ef c2 f9 4f 0d dd 2e 8c fe e2 9d 25 4e 41 bf 37 2b ed 53 f9 8d ef cd d3 33 6b 26 37 39 65 dd ec e9 8f 9f f5 de b2 71 e7 be d4 1f 14 2e bb ac d9 ce d8 b0 37 60 ea 85 cc 4a 4f ff 73 d7 26 e4 75 bc f5 b5 7d fc 60 e3 37 4d 0b b6 f6 19 d9 ee ec 89 cb d6 Data Ascii: M25;&'?0yaxZAjP\Ka/>\de-_/n3\|HT}g6R3?hkQkJ;NYG6wYYM[w\|aO.%NA7+S3k&79eq.7`JOs&u}`7M
2024-07-18 19:38:46 UTC	12511	IN	Data Raw: e6 4f 83 4b bc c9 b6 18 73 ea b9 8e 24 91 0f c1 7c 67 26 ec ce 5a e8 cf 66 f0 df 02 fe db a8 a7 0a 64 50 83 1e f5 da 47 aa 3a e0 6f 8a be 6b 7d 1a ba 83 f1 b6 41 77 e2 15 fd 16 bc 59 c8 da 42 33 ee b7 fb bd 63 ee b6 e3 f9 cf f1 7c 2e 46 99 e2 25 21 24 59 11 c5 f3 94 ae 4a 21 e9 ea a9 24 5d 33 8d a4 6b d3 19 d8 b9 90 b6 2a 95 a4 bf 4f 26 69 6d 22 49 59 de aa 58 92 42 1e 29 da 48 8a 36 b3 44 db c8 16 06 91 6c fe 28 92 cd 1b 4e 36 0b 7d 68 80 7f 10 75 50 9a 8f f9 c2 3a 52 e9 bc 91 54 ba 6e a2 1e ca 5b a8 47 f7 6d d4 43 7d 27 f5 ec 0d fe 7a 87 49 4d 84 fa b7 3d 4d 1a 1e e0 3f 12 fc 23 ee 90 d6 94 fb 8c b3 80 a4 c7 a4 15 8f 50 fe eb e3 8c 54 0f e9 86 a9 5c 0b f1 bc 11 65 e2 45 13 ee a1 4e 5f 58 30 4e 6b d2 48 ba 2e 03 c8 22 e9 fa 6c 92 6e 98 0e e4 b0 73 20 0b Data Ascii: OKs$\|g&ZfdPG:ok}AwYB3c\|.F%!$YJ!$]3k*O&im"IYXB)H6Dl(N6}huP:RTn[GmC}'zIM=M?#PT\eEN_X0NkH."lns
2024-07-18 19:38:46 UTC	13108	IN	Data Raw: 88 5a 4a ad a7 3e a7 1a d3 fd e9 07 40 d5 a5 cc 39 66 3c 5b ca 2e 00 14 bb d8 03 ec 19 f6 22 fb 23 db 82 eb c8 75 e6 06 73 cf 73 2f 73 5f 71 d7 b9 ea fc 5c fe 3d fe 2a 5f 43 68 2a b4 10 08 b1 96 58 5f 6c 29 46 88 51 a2 2c 76 17 07 43 be 33 c5 09 e2 6c 71 9e f8 92 f8 b2 b8 51 dc 0a 98 3f 10 0f c1 2e 10 52 35 e9 5e c8 97 21 0d 91 5e 92 5e 91 36 c1 2a ec 95 f6 4b 47 a5 10 59 97 7b c9 f9 f2 2c f9 45 79 ad fc be 7c 50 3e 22 9f 94 6f c9 ad 95 2c 65 81 b2 4c d9 a2 7c a8 9c 51 6e 28 81 6a 4d b5 b9 1a a7 3e a2 a6 a9 e3 d4 f7 d5 3f a8 c7 d5 6f d5 7a 5a 1b 2d 46 2b d0 9e d2 56 6b fb b5 6f b5 40 68 47 0f bd 58 9f a6 bf aa 7f a1 37 36 5a 1b 8c 61 18 7d 8c 42 63 bc 51 62 2c 30 16 1b 6b 8d ad c6 0e e3 80 f1 b5 c5 8b 49 c8 e0 71 a8 46 3e 48 26 92 c9 e4 93 b0 d0 cf 91 2f Data Ascii: ZJ>@9f<[."#uss/s_q\=_ChX_l)FQ,vC3lqQ?.R5^!^^6*KGY{,Ey\|P>"o,eL\|Qn(jM>?ozZ-F+Vko@hGX76Za}BcQb,0kIqF>H&/

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:38:57 UTC	326	OUT	POST /zbd HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / Authorization: Signature=c0ca984d9cd1b9e9ffdf6097b502a49003af5070b14ac3fa1760d15f36f3f81f User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 289 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:38:57 UTC	289	OUT	Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 30 37 31 38 31 35 33 38 30 36 5c 22 2c 5c 22 33 5c 22 3a 5c 22 42 69 74 43 6f 6d 65 74 5c 22 2c 5c 22 34 5c 22 3a 5c 22 42 69 74 43 6f 6d 65 74 5f 50 75 62 5f 42 5c 22 2c 5c 22 35 5c 22 3a 5c 22 42 69 74 43 6f 6d 65 74 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 5c 22 2c 5c 22 36 5c 22 3a 5c 22 33 5c 22 2c 5c 22 37 5c 22 3a 5c 22 32 2e 34 30 2e 31 2e 38 39 31 32 5c 22 2c 5c 22 31 35 5c 22 Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240718153806\",\"3\":\"BitComet\",\"4\":\"BitComet_Pub_B\",\"5\":\"BitComet\",\"18\":\"\",\"19\":\"\",\"21\":\"\",\"6\":\"3\",\"7\":\"2.40.1.8912\",\"15\"
2024-07-18 19:38:57 UTC	427	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 15 Connection: close Date: Thu, 18 Jul 2024 19:38:57 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE X-Cache: Miss from cloudfront Via: 1.1 3a7672912a556fc61dac56701b81d9e2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG53-C1 X-Amz-Cf-Id: V27sJObpUYDlsNL7ipTNHxygcx8XD_7SMWAs4hQSpqf6bcwZ0_kQ2A==
2024-07-18 19:38:57 UTC	15	IN	Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d Data Ascii: {"Status":"OK"}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:06 UTC	326	OUT	POST /zbd HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / Authorization: Signature=c0ca984d9cd1b9e9ffdf6097b502a49003af5070b14ac3fa1760d15f36f3f81f User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 346 Host: d11iilsblp9z11.cloudfront.net
2024-07-18 19:39:06 UTC	346	OUT	Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 30 37 31 38 31 35 33 38 30 36 5c 22 2c 5c 22 33 5c 22 3a 5c 22 42 69 74 43 6f 6d 65 74 5c 22 2c 5c 22 34 5c 22 3a 5c 22 42 69 74 43 6f 6d 65 74 5f 50 75 62 5f 42 5c 22 2c 5c 22 35 5c 22 3a 5c 22 57 65 62 41 64 76 69 73 6f 72 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5a 42 5f 57 65 62 41 64 76 69 73 6f 72 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 5c 22 2c 5c 22 36 5c 22 3a 5c 22 33 5c 22 2c 5c 22 37 5c 22 3a 5c 22 32 2e 34 30 2e Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20240718153806\",\"3\":\"BitComet\",\"4\":\"BitComet_Pub_B\",\"5\":\"WebAdvisor\",\"18\":\"ZB_WebAdvisor\",\"19\":\"\",\"21\":\"\",\"6\":\"3\",\"7\":\"2.40.
2024-07-18 19:39:07 UTC	427	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 15 Connection: close Date: Thu, 18 Jul 2024 19:39:07 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE X-Cache: Miss from cloudfront Via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA53-C1 X-Amz-Cf-Id: 40h9FYiPnvRz6LrB2RlBY3PbzMF473Tl9g0wcgoqtGuJpb-C_UANYQ==
2024-07-18 19:39:07 UTC	15	IN	Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d Data Ascii: {"Status":"OK"}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:07 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 311 Host: analytics.apis.mcafee.com
2024-07-18 19:39:07 UTC	311	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a 22 57 49 4e 22 2c 22 4f 53 5f 50 6c 61 74 66 6f 72 6d 22 3a 22 36 34 22 2c 22 4f 53 5f 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 31 38 38 39 22 2c 22 50 72 6f 64 75 63 74 5f 56 65 72 73 69 6f 6e 22 3a 22 34 2e 31 2e 31 2e 38 36 35 22 2c 22 55 55 49 44 22 3a 22 7b 35 32 36 34 31 37 38 43 2d 43 35 31 36 2d 34 34 39 37 2d 39 43 34 42 2d 43 38 45 30 42 44 39 34 39 45 30 35 7d 22 2c 22 65 61 22 3a 22 50 72 6f 63 65 73 73 22 2c 22 65 63 22 3a 22 42 6f 6f 74 53 74 72 61 70 49 6e 73 74 61 6c 6c 65 72 22 2c 22 65 6c 22 3a 22 53 74 61 72 74 65 64 22 Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{5264178C-C516-4497-9C4B-C8E0BD949E05}","ea":"Process","ec":"BootStrapInstaller","el":"Started"
2024-07-18 19:39:07 UTC	303	IN	HTTP/1.1 200 OK Date: Thu, 18 Jul 2024 19:39:07 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 16 Connection: close x-amzn-RequestId: e979f743-de51-89e5-b66a-86d8c1cdccb8 x-amz-id-2: +RFLrbyw7O0nOIMO1oprHhRJFmRfIghaHAu5Um2ciqkLPekL+U1R4gR+qBY1KzIt5rmUV+l9uUf/Bqjik8SZeCjkW87zpqoR
2024-07-18 19:39:07 UTC	16	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d Data Ascii: {"message":"ok"}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:08 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 311 Host: analytics.apis.mcafee.com
2024-07-18 19:39:08 UTC	311	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a 22 57 49 4e 22 2c 22 4f 53 5f 50 6c 61 74 66 6f 72 6d 22 3a 22 36 34 22 2c 22 4f 53 5f 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 31 38 38 39 22 2c 22 50 72 6f 64 75 63 74 5f 56 65 72 73 69 6f 6e 22 3a 22 34 2e 31 2e 31 2e 38 36 35 22 2c 22 55 55 49 44 22 3a 22 7b 35 32 36 34 31 37 38 43 2d 43 35 31 36 2d 34 34 39 37 2d 39 43 34 42 2d 43 38 45 30 42 44 39 34 39 45 30 35 7d 22 2c 22 65 61 22 3a 22 49 6e 73 74 61 6c 6c 22 2c 22 65 63 22 3a 22 42 6f 6f 74 53 74 72 61 70 49 6e 73 74 61 6c 6c 65 72 22 2c 22 65 6c 22 3a 22 53 74 61 72 74 65 64 22 Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{5264178C-C516-4497-9C4B-C8E0BD949E05}","ea":"Install","ec":"BootStrapInstaller","el":"Started"
2024-07-18 19:39:08 UTC	303	IN	HTTP/1.1 200 OK Date: Thu, 18 Jul 2024 19:39:08 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 16 Connection: close x-amz-id-2: TFPgsHB9tNVqf/imYahVDumMRKL8ezLA1J3xCTzJuLMCwUITNnDkJMDFCfOmL+jQvxVFKMbFfuplyQSAE2WfAmxDVKYWr9qO x-amzn-RequestId: d1b742f3-15ab-0920-8ea4-336f8a4ff4a3
2024-07-18 19:39:08 UTC	16	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d Data Ascii: {"message":"ok"}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:11 UTC	139	OUT	POST /v4/receive/json/25 HTTP/1.1 Connection: Keep-Alive User-Agent: Icarus Http/1.0 Content-Length: 1281 Host: analytics.avcdn.net
2024-07-18 19:39:11 UTC	1281	OUT	Data Raw: 7b 22 72 65 63 6f 72 64 22 3a 5b 7b 22 65 76 65 6e 74 22 3a 7b 22 74 79 70 65 22 3a 32 35 2c 22 73 75 62 74 79 70 65 22 3a 31 2c 22 72 65 71 75 65 73 74 5f 69 64 22 3a 22 30 30 62 31 32 65 65 33 2d 36 31 39 33 2d 34 32 33 64 2d 62 35 36 38 2d 34 66 34 34 38 35 33 63 36 63 66 32 22 2c 22 74 69 6d 65 22 3a 31 37 32 31 33 33 37 39 39 35 36 33 39 7d 2c 22 73 65 74 75 70 22 3a 7b 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 6f 70 65 72 61 74 69 6f 6e 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 73 65 73 73 69 6f 6e 5f 69 64 22 3a 22 31 38 34 30 63 36 37 38 2d 64 36 32 61 2d 34 39 34 35 2d 38 65 34 66 2d 33 36 65 61 66 33 66 30 63 34 61 35 22 2c 22 73 74 61 67 65 22 3a 22 73 66 78 2d 73 74 61 72 74 22 2c 22 74 69 74 6c 65 22 3a 22 22 7d 2c 22 70 72 6f 64 75 63 74 22 3a 7b 22 6e Data Ascii: {"record":[{"event":{"type":25,"subtype":1,"request_id":"00b12ee3-6193-423d-b568-4f44853c6cf2","time":1721337995639},"setup":{"common":{"operation":"install","session_id":"1840c678-d62a-4945-8e4f-36eaf3f0c4a5","stage":"sfx-start","title":""},"product":{"n
2024-07-18 19:39:11 UTC	216	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 18 Jul 2024 19:39:11 GMT Content-Type: application/json Content-Length: 19 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-18 19:39:11 UTC	19	IN	Data Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d Data Ascii: {"processed": true}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:12 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 336 Host: analytics.apis.mcafee.com
2024-07-18 19:39:12 UTC	336	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a 22 57 49 4e 22 2c 22 4f 53 5f 50 6c 61 74 66 6f 72 6d 22 3a 22 36 34 22 2c 22 4f 53 5f 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 31 38 38 39 22 2c 22 50 72 6f 64 75 63 74 5f 56 65 72 73 69 6f 6e 22 3a 22 34 2e 31 2e 31 2e 38 36 35 22 2c 22 55 55 49 44 22 3a 22 7b 35 32 36 34 31 37 38 43 2d 43 35 31 36 2d 34 34 39 37 2d 39 43 34 42 2d 43 38 45 30 42 44 39 34 39 45 30 35 7d 22 2c 22 65 61 22 3a 22 50 61 69 64 44 69 73 74 72 69 62 75 74 69 6f 6e 3d 74 72 75 65 22 2c 22 65 63 22 3a 22 49 6e 70 75 74 50 61 72 61 6d 65 74 65 72 73 22 2c 22 65 6c Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{5264178C-C516-4497-9C4B-C8E0BD949E05}","ea":"PaidDistribution=true","ec":"InputParameters","el
2024-07-18 19:39:12 UTC	303	IN	HTTP/1.1 200 OK Date: Thu, 18 Jul 2024 19:39:12 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 16 Connection: close x-amzn-RequestId: dcfdbb00-51d9-b901-83ee-caa0cf1be520 x-amz-id-2: Cu5HgkABJsBTpbA7kid2iq203KPUFFE5xIdzUSambz/jnozLnwmFpYKX8HMKV3SworEZOrBFg4bF2KV2IusV9Zeu4lXbZ7NL
2024-07-18 19:39:12 UTC	16	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d Data Ascii: {"message":"ok"}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:19 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 507 Host: analytics.apis.mcafee.com
2024-07-18 19:39:19 UTC	507	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 41 66 66 69 64 22 3a 22 39 31 30 38 38 22 2c 22 43 6f 75 6e 74 72 79 5f 43 6f 64 65 22 3a 22 55 53 22 2c 22 44 69 73 74 72 69 62 75 74 69 6f 6e 5f 53 75 62 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 4c 6f 75 64 6e 65 73 73 22 3a 22 53 69 6c 65 6e 74 22 2c 22 49 6e 73 74 61 6c 6c 5f 53 6f 75 72 63 65 22 3a 22 50 61 69 64 44 69 73 74 72 69 62 75 74 69 6f 6e 22 2c 22 49 72 6f 6e 73 6f 75 72 63 65 5f 50 69 78 65 6c 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
2024-07-18 19:39:19 UTC	303	IN	HTTP/1.1 200 OK Date: Thu, 18 Jul 2024 19:39:19 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 16 Connection: close x-amzn-RequestId: c8552d14-3eea-dc30-9746-5cb36571f0bd x-amz-id-2: OKGKND/ld/vcEeRUPVFfy6rAjsum/VNFl/0lY2CGlrEqhXLHJaWHKS7wwiUrdK7A8jVprcfJn4qrKnesUx+4jCBUnGRhT3ay
2024-07-18 19:39:19 UTC	16	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 6f 6b 22 7d Data Ascii: {"message":"ok"}

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:20 UTC	326	OUT	GET /client/bitcomet/?ver=2.08&intl=en_us&osintl=jv&cid=ae7b79c1d0de3420440a531a8fc59151&btcnt=0&httpcnt=0&p=x64&idt=20240718 HTTP/1.1 Host: update.bitcomet.com Connection: close Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
2024-07-18 19:39:20 UTC	283	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 18 Jul 2024 19:39:20 GMT Content-Type: text/xml; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=15768000; preload X-Content-Type-Options: nosniff
2024-07-18 19:39:20 UTC	5589	IN	Data Raw: 31 35 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 42 69 74 43 6f 6d 65 74 20 76 65 72 73 69 6f 6e 3d 22 30 2e 31 22 3e 0a 20 20 3c 41 75 74 6f 55 70 64 61 74 65 3e 0a 20 20 20 20 3c 55 70 64 61 74 65 47 72 6f 75 70 4c 69 73 74 3e 0a 20 20 20 20 20 20 3c 46 61 76 6f 75 72 69 74 65 73 3e 0a 20 20 20 20 20 20 20 20 3c 66 69 6c 65 31 20 76 65 72 5f 6d 69 6e 3d 22 31 2e 30 35 22 20 76 65 72 5f 6d 61 78 3d 22 32 2e 39 39 22 20 6c 61 6e 67 75 61 67 65 3d 22 65 6e 5f 75 73 22 20 6e 61 6d 65 3d 22 66 61 76 5f 65 6e 5f 75 73 2e 78 6d 6c 22 20 6d 64 35 3d 22 64 35 32 36 31 65 65 64 32 61 64 36 61 33 64 35 37 35 61 34 31 61 64 30 34 64 32 61 36 34 32 65 22 3e 68 74 74 70 3a 2f 2f Data Ascii: 15c8<?xml version="1.0" encoding="UTF-8"?><BitComet version="0.1"> <AutoUpdate> <UpdateGroupList> <Favourites> <file1 ver_min="1.05" ver_max="2.99" language="en_us" name="fav_en_us.xml" md5="d5261eed2ad6a3d575a41ad04d2a642e">http://

Timestamp	Bytes transferred	Direction	Data
2024-07-18 19:39:21 UTC	734	OUT	GET /start/en_us/2.08/ HTTP/1.1 Host: inside.bitcomet.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-18 19:39:21 UTC	424	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 18 Jul 2024 19:39:21 GMT Content-Type: text/html Content-Length: 1805 Last-Modified: Mon, 17 Jun 2024 02:19:32 GMT Connection: close Vary: Accept-Encoding ETag: "666f9d34-70d" Expires: Sun, 21 Jul 2024 19:39:21 GMT Cache-Control: max-age=259200 Strict-Transport-Security: max-age=15768000; preload X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-07-18 19:39:21 UTC	1805	IN	Data Raw: ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 74 69 74 6c Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><titl